
CVE-2022-34439: DSA-2022-245: Dell EMC PowerScale OneFS Security Update for Multiple Security Updates

Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node.


Impact

Critical

Details

Proprietary Code CVE(s)

CVE-2022-34437
Description: Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.
CVSS Base Score: 6.7
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34438
Description: Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.
CVSS Base Score: 6.7
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-34439
Description: Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contain an Allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node.
CVSS Base Score: 5.3
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Third-Party Component CVE(s) (CVSS scores: see the referenced vendor advisory or NVD)

Intel Platform

CVE-2021-0148
Reference: Intel-SA-00535

CVE-2021-0092, CVE-2021-0093, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0124, CVE-2021-0125, CVE-2021-0127, CVE-2021-0060, CVE-2021-00147
Reference: Intel-SA-00527

CVE-2020-24511, CVE-2020-24512
Reference: Intel-SA-00463

CVE-2020-12357, CVE-2020-12358, CVE-2020-12360, CVE-2020-24486
Reference: Intel-SA-00464

CVE-2021-0144
Reference: Intel-SA-00525

CVE-2020-0591, CVE-2020-0592, CVE-2020-0593
Reference: Intel-SA-00358

CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-8764, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740
Reference: Intel-SA-00390

CVE-2020-8705, CVE-2020-8755
Reference: Intel-SA-00391

CVE-2020-8696
Reference: Intel-SA-00381

Cyrus SASL

CVE-2022-24407, CVE-2019-19906, CVE-2013-4122
CVSS: See NVD (http://nvd.nist.gov/) for individual scores for each CVE.


Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a specific security vulnerability.

Affected Products and Remediation

CVE(s) Addressed

Product

Affected Version(s)

Updated Version(s)

Link to Update

CVE-2021-0148

F600 with Intel P4510 2TB and 4TB ISE drives

PowerScale OneFS Versions:
9.4.0.x
9.3.0.x
9.2.1.x
9.2.0.x
9.1.0.x
9.0.0.x
Drive Support Package versions prior to 1.42.3

Download and install Drive Support Package >= 1.42.3.

PowerScale OneFS Downloads Area

CVE-2021-0092

A200, A2000, A300, A3000, F200, F600, F800, F810, F900, H400, H500, H5600, H600, H700, H7000, B100, P100

PowerScale OneFS Versions:
9.4.0.x
9.3.0.x
9.2.1.x
9.2.0.x
9.1.0.x
9.0.0.x
Node Firmware Package versions prior to 11.5.1

Download and install the latest Node Firmware Package version >= 11.5.1.

CVE-2021-0093

CVE-2021-0099

CVE-2021-0103

CVE-2021-0107

CVE-2021-0111

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0124

CVE-2021-0125

CVE-2021-0127

CVE-2021-0060

CVE-2021-00147

A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000

CVE-2020-24511

A300, A3000, H700, H7000

CVE-2020-12358

CVE-2020-12360

A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000

CVE-2020-24486

A300, A3000, H700, H7000

CVE-2021-0144

A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000

CVE-2020-0591

A2000, A200, H400, H500, H600, F800, F900, F200, F600, B100, and P100

CVE-2020-0592

CVE-2020-0593

A2000, A200, H400, F900, F200, F600, B100, and P100

CVE-2020-8738

CVE-2020-8739

CVE-2020-8740

CVE-2020-8764

CVE-2020-0587

F900, F200, F600, B100, and P100

CVE-2020-0588

CVE-2020-0590

CVE-2020-8705

CVE-2020-8755

CVE-2020-8696

CVE-2022-24407

PowerScale OneFS

9.1.0.0 through 9.1.0.21
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5

Download and install the latest RUP.
>= 9.1.0.22
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6

CVE-2019-19906

CVE-2013-4122

Any other version

Upgrade your version of PowerScale OneFS.

CVE-2022-34437

PowerScale OneFS

9.1.0.0 through 9.1.0.21
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7

Download and install the latest RUP.
>= 9.1.0.22
>= 9.2.1.16
>= 9.3.0.8

Any other version

Upgrade your version of PowerScale OneFS.

CVE-2022-34438

PowerScale OneFS

9.1.0.0 through 9.1.0.22
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5

Download and install the latest RUP.
>= 9.1.0.23
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6

Any other version

Upgrade your version of PowerScale OneFS.

CVE-2022-34439

PowerScale OneFS

9.1.0.0 through 9.1.0.22
9.2.1.0 through 9.2.1.16
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5

Download and install the latest RUP.
>= 9.1.0.23
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6

Any other version

Upgrade your version of PowerScale OneFS or apply the steps listed in the “Workaround and Mitigations” in the next table.
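A version-triage helper transcribing the OneFS rows of the table above (CVE-2022-34437, CVE-2022-34438 and CVE-2022-34439), as an added example that is not Dell's code: given a node's four-part OneFS version it reports whether the node is inside an affected range, already on a fixed release, or on a branch with no listed fix (the table's "Any other version" rows). The affected family from each CVE description (for example 8.2.2-9.3.0) is applied first, so a version outside that family is reported as not affected rather than sent to an upgrade. The page's 9.2.1 row for CVE-2022-34439 lists 9.2.1.16 as both the last affected and the first fixed release; the example transcribes that as-is and treats the version as affected. Function names and the sample inventory are the example's own.

```python
import re

# Remediation rows for the OneFS proprietary CVEs, transcribed from the advisory table above.
# "description_range": affected family from the CVE description (low bound, high-version prefix).
# "branches": (first affected, last affected, first fixed) per release branch in the table.
ONEFS_ROWS = {
    "CVE-2022-34437": {
        "description_range": ("8.2.2", "9.3.0"),
        "branches": [("9.1.0.0", "9.1.0.21", "9.1.0.22"),
                     ("9.2.1.0", "9.2.1.15", "9.2.1.16"),
                     ("9.3.0.0", "9.3.0.7", "9.3.0.8")],
    },
    "CVE-2022-34438": {
        "description_range": ("8.2", "9.4.0"),
        "branches": [("9.1.0.0", "9.1.0.22", "9.1.0.23"),
                     ("9.2.1.0", "9.2.1.15", "9.2.1.16"),
                     ("9.3.0.0", "9.3.0.7", "9.3.0.8"),
                     ("9.4.0.0", "9.4.0.5", "9.4.0.6")],
    },
    "CVE-2022-34439": {
        "description_range": ("8.2.0", "9.4.0"),
        "branches": [("9.1.0.0", "9.1.0.22", "9.1.0.23"),
                     ("9.2.1.0", "9.2.1.16", "9.2.1.16"),  # transcribed as printed on the page
                     ("9.3.0.0", "9.3.0.7", "9.3.0.8"),
                     ("9.4.0.0", "9.4.0.5", "9.4.0.6")],
    },
}

VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text):
    """Turn '9.4.0.5' into (9, 4, 0, 5) so comparisons are numeric, not lexical."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError("not a dotted version: %r" % text)
    return tuple(int(p) for p in text.split("."))


def status(cve, version):
    """Classify one OneFS node version against the advisory's remediation table."""
    row = ONEFS_ROWS[cve]
    ver = parse_version(version)
    if len(ver) != 4:
        raise ValueError("OneFS versions in the advisory are four-part (x.y.z.w): %r" % version)
    low, high = row["description_range"]
    high_t = parse_version(high)
    # Outside the family named in the description (e.g. 9.4.0.x for CVE-2022-34437).
    if ver < parse_version(low) or ver[:len(high_t)] > high_t:
        return "not affected (outside %s-%s)" % (low, high)
    for first_bad, last_bad, first_fixed in row["branches"]:
        if parse_version(first_bad) <= ver <= parse_version(last_bad):
            return "affected: install RUP >= " + first_fixed
        fixed_t = parse_version(first_fixed)
        if ver[:3] == fixed_t[:3] and ver >= fixed_t:
            return "fixed"
    # Inside the affected family but on a branch with no fix listed ("Any other version").
    return "affected: upgrade PowerScale OneFS"


def triage(inventory):
    """Map {node: version} to {node: {cve: status}} for all three OneFS CVEs."""
    return {node: {cve: status(cve, ver) for cve in ONEFS_ROWS}
            for node, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, not real cluster data.
    sample = {"node-1": "9.4.0.5", "node-2": "9.1.0.22", "node-3": "9.0.0.3"}
    for node, result in triage(sample).items():
        for cve, verdict in result.items():
            print(node, cve, verdict)
```

The ordering of the checks is the point: a branch's affected range is tested before its fixed floor, so the page's overlapping 9.2.1.16 row resolves conservatively, and the description range keeps a 9.4.0.x node from being told to upgrade for CVE-2022-34437, which the description says does not reach 9.4.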


Workarounds and Mitigations

CVE: CVE-2022-34439

Workarounds: This vulnerability only applies to

  1. Ethernet backend cluster and
  2. single (non-redundant) backend configuration

Disable LBFO by issuing this command (it checks both conditions against the internal-networks view and only disables the isi_lbfo_d service when the cluster matches):

if isi cluster internal-networks view | grep -q "Failover Status: disabled" && isi cluster internal-networks view | grep -q "Fabric: Ethernet"; then echo; echo "Disabling service, please re-enable after upgrade to fixed version"; isi services isi_lbfo_d disable; else echo; echo "Not impacted"; fi

After the patch is applied or the cluster is upgraded to a version with the issue resolved, revert this mitigation with the command:

isi services isi_lbfo_d enable

Note: This is required prior to future configurations using redundant backend interfaces.

Revision History

Revision | Date | Description
1.0 | 2022-10-13 | Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Isilon A200, Isilon A2000, Isilon F800, Isilon F810, Isilon H400, Isilon H500, Isilon H5600, Isilon H600, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F600, PowerScale F900, PowerScale Hybrid H700

14 Oct 2022

Related news

Gentoo Linux Security Advisory 202402-22

Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

RHSA-2023:4053: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...

CVE-2023-25509: NVIDIA Support

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish the legitimate user into being redirected to a malicious website, leading to information disclosure and the launch of phishing attacks.

CVE-2022-34454: DSA-2022-271: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.

CVE-2023-23692: DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

CVE-2022-34456: DSA-2022-267: Dell EMC Metronode VS5 Security Update for Multiple Third-Party Component Vulnerabilities

Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.

CVE-2022-34390: DSA-2022-269: Dell Client Platform BIOS Security Update for Alienware Area-51 R4/R5

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Red Hat Security Advisory 2022-5070-01

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

Red Hat Security Advisory 2022-5924-01

Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.

RHSA-2022:5924: Red Hat Security Advisory: Service Telemetry Framework 1.4 security update

An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-5840-01

Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

RHSA-2022:5840: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

Ubuntu Security Notice USN-5535-1

Ubuntu Security Notice 5535-1 - Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

Red Hat Security Advisory 2022-5132-01

Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.

Ubuntu Security Notice USN-5486-1

Ubuntu Security Notice 5486-1 - It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

CVE-2022-29085: DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVE-2022-26869: DSA-2022-014: Dell EMC PowerStore Family Security Update for Multiple Vulnerabilities

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.

Red Hat Security Advisory 2022-4668-01

Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

CVE-2022-24407: security - Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

CVE-2020-8700: INTEL-SA-00463

Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2020-8745: INTEL-SA-00391

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVE-2020-0590: INTEL-SA-00358

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2020-8738: INTEL-SA-00390

Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2020-9883: About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2020-9918: About the security content of iOS 13.6 and iPadOS 13.6

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
