CVE-2022-4734
published 2022-12-27CVE-2022-4734: Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
PriorityP418medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.77%
51.1th percentile
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | >= 0 < 0.9.1 | 0.9.1 |
| linux | linux_kernel | >= 5.16.0 < 6.0.16 | 6.0.16 |
| linux | linux_kernel | >= 6.1.0 < 6.1.2 | 6.1.2 |
| usememos | memos | < 0.9.1 | 0.9.1 |
| usememos | usememos_memos | >= unspecified < 0.9.1 | 0.9.1 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vendor_redhat3.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
bpf: Prevent decl_tag from being referenced in func_proto arg
osv·2025-12-30
CVE-2022-50883 bpf: Prevent decl_tag from being referenced in func_proto arg
bpf: Prevent decl_tag from being referenced in func_proto arg
In the Linux kernel, the following vulnerability has been resolved:
bpf: Prevent decl_tag from being referenced in func_proto arg
Syzkaller managed to hit another decl_tag issue:
btf_func_proto_check kernel/bpf/btf.c:4506 [inline]
btf_check_all_types kernel/bpf/btf.c:4734 [inline]
btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763
btf_parse kernel/bpf/btf.c:5042 [inline]
btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709
bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342
__sys_bpf+0x50a/0x6c0 kernel/bpf/syscall.c:5034
__do_sys_bpf kernel/bpf/syscall.c:5093 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5091 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5091
do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48
This seems simil
OSV
usememos/memos may leak user information to an authenticated user in github.com/usememos/memos
osv·2024-08-21
CVE-2022-4734 usememos/memos may leak user information to an authenticated user in github.com/usememos/memos
usememos/memos may leak user information to an authenticated user in github.com/usememos/memos
usememos/memos may leak user information to an authenticated user in github.com/usememos/memos
GHSA
usememos/memos may leak user information to an authenticated user
ghsa·2022-12-27
CVE-2022-4734 [MEDIUM] CWE-200 usememos/memos may leak user information to an authenticated user
usememos/memos may leak user information to an authenticated user
usememos/memos 0.9.0 and prior has endpoint that leaks user information like names, email, role, and OpenID to an authenticated user. A patch is available at commit 05b41804e33a34102f1f75bb2d69195dda6a1210 on the `main` branch.
OSV
usememos/memos may leak user information to an authenticated user
osv·2022-12-27
CVE-2022-4734 [MEDIUM] usememos/memos may leak user information to an authenticated user
usememos/memos may leak user information to an authenticated user
usememos/memos 0.9.0 and prior has endpoint that leaks user information like names, email, role, and OpenID to an authenticated user. A patch is available at commit 05b41804e33a34102f1f75bb2d69195dda6a1210 on the `main` branch.
Red Hat
kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
vendor_redhat·2025-12-30·CVSS 3.3
CVE-2022-50883 [LOW] CWE-1287 kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
In the Linux kernel, the following vulnerability has been resolved:
bpf: Prevent decl_tag from being referenced in func_proto arg
Syzkaller managed to hit another decl_tag issue:
btf_func_proto_check kernel/bpf/btf.c:4506 [inline]
btf_check_all_types kernel/bpf/btf.c:4734 [inline]
btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763
btf_parse kernel/bpf/btf.c:5042 [inline]
btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709
bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342
__sys_bpf+0x50a/0x6c0 kernel/bpf/syscall.c:5034
__do_sys_bpf kernel/bpf/syscall.c:5093 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5091 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5091
do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48
This seems s
No detection rules found.
No public exploits indexed.
2022-12-27
Published