Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2022-46343: ELSA-2023-2257: tigervnc security and bug fix update (MODERATE) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Oracle Linux: CVE-2022-46343: ELSA-2023-2257: tigervnc security and bug fix update (MODERATE) (Multiple Advisories)

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

12/14/2022

Created

01/13/2023

Added

01/10/2023

Modified

07/22/2024

Description

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

Solution(s)

oracle-linux-upgrade-avahi-compat-howl
oracle-linux-upgrade-qemu-block-gluster
oracle-linux-upgrade-tigervnc
oracle-linux-upgrade-tigervnc-icons
oracle-linux-upgrade-tigervnc-license
oracle-linux-upgrade-tigervnc-selinux
oracle-linux-upgrade-tigervnc-server
oracle-linux-upgrade-tigervnc-server-applet
oracle-linux-upgrade-tigervnc-server-minimal
oracle-linux-upgrade-tigervnc-server-module
oracle-linux-upgrade-xorg-x11-server-common
oracle-linux-upgrade-xorg-x11-server-devel
oracle-linux-upgrade-xorg-x11-server-source
oracle-linux-upgrade-xorg-x11-server-xdmx
oracle-linux-upgrade-xorg-x11-server-xephyr
oracle-linux-upgrade-xorg-x11-server-xnest
oracle-linux-upgrade-xorg-x11-server-xorg
oracle-linux-upgrade-xorg-x11-server-xvfb
oracle-linux-upgrade-xorg-x11-server-xwayland

References

https://attackerkb.com/topics/cve-2022-46343
CVE - 2022-46343
ELSA-2023-2257
ELSA-2023-2248
ELSA-2023-2249
ELSA-2023-2830
ELSA-2023-2805
ELSA-2023-0045
ELSA-2023-0046
ELSA-2023-2806

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2022-46343: ELSA-2023-2257: tigervnc security and bug fix update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2022-46343: ELSA-2023-2257: tigervnc security and bug fix update (MODERATE) (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.