Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2022-42329

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

CVE
#vulnerability#linux#dos
CVE-2022-44900: Fix sanity check for path traversal attack · miurahr/py7zr@1bb43f1

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

Google Chrome Flaw Added to CISA Patch List

CISA gives agencies deadline to patch against Google Chrome bug being actively exploited in the wild.

CVE-2022-43867: Security Bulletin: A vulnerability in IBM Spectrum Scale could allow a local attacker to execute arbitrary commands (CVE-2022-43867)

IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. IBM X-Force ID: 239437.

CVE-2022-33876: Fortiguard

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.

CVE-2022-45326: Kwoksys 2.9.5 XXE

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

VMware vCenter vScalation Privilege Escalation

This Metasploit module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was successfully tested against VMware VirtualCenter 6.5.0 build-7070488. Vulnerable versions should include vCenter 7.0 before U2c, vCenter 6.7 before U3o, and vCenter 6.5 before U3q.

Red Hat Security Advisory 2022-8799-01

Red Hat Security Advisory 2022-8799-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Red Hat Security Advisory 2022-8806-01

Red Hat Security Advisory 2022-8806-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

Red Hat Security Advisory 2022-8809-01

Red Hat Security Advisory 2022-8809-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.