Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Ubuntu Security Notice USN-6439-1

Ubuntu Security Notice 6439-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

Packet Storm
Open in Source
#vulnerability#web#amazon#ubuntu#linux#dos#perl#aws#buffer_overflow
Ubuntu Security Notice USN-6443-1

Ubuntu Security Notice 6443-1 - Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6416-3

Ubuntu Security Notice 6416-3 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.

Red Hat Security Advisory 2023-5931-01

Red Hat Security Advisory 2023-5931-01 - Updated Satellite 6.13 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5930-01

Red Hat Security Advisory 2023-5930-01 - An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5929-01

Red Hat Security Advisory 2023-5929-01 - An update for tomcat is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

GHSA-cgf8-h3fp-h956: Pleaser privilege escalation vulnerability

please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)

CVE-2023-46277: start new process in a new PTY (!69) · Merge requests · ed neville / please · GitLab

please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)

CVE-2022-42150: cloud-lab/configs/common/seccomp-profiles-default.json at d19ff92713685a7fb84b423dea6a184b25c378c9 · tinyclub/cloud-lab

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

Why Do We Need Real-World Context to Prioritize CVEs?

Without the proper context, organizations waste time mitigating software flaws that won't likely affect their systems.