Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.

Packet Storm
#sql#vulnerability#linux#php#auth#firefox
RHSA-2022:6551: Red Hat Security Advisory: Red Hat Virtualization security update

An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1012: kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak * CVE-2022-2132: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs * CVE-2022-...

CVE-2022-40775: SEGV error · Issue #758 · axiomatic-systems/Bento4

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.

CVE-2022-40774: SEGV at AP4_StszAtom::GetSampleSize(unsigned int, unsigned int&) in binary mp42ts · Issue #757 · axiomatic-systems/Bento4

An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.

CVE-2022-40768: git/torvalds/linux.git - Linux kernel source tree

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Scanvus – my open source Vulnerability Scanner for Linux hosts and Docker images

Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about my open source project Scanvus. This project is already a year old and I use it almost every day. Alternative video link (for Russia): https://vk.com/video-149273431_456239100 Scanvus (Simple Credentialed Authenticated Network VUlnerability Scanner) is a vulnerability scanner for Linux. Currently for Ubuntu, Debian, CentOS, […]

GHSA-rc4r-wh2q-q6c4: Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly. Thanks to Steven Murdoch for reporting this issue. ---- ### Impact If an attacker has d...

GHSA-jr8j-2jhp-m67v: nftables binding to an already bound chain

### Impact An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. Affected by this vulnerability is the function nft_verdict_init of the file net/netfilter/nf_tables_api.c. The manipulation with an unknown input leads to a denial of service vulnerability. The program does not release or incorrectly releases a resource before it is made available for re-use. ### Patches The fix has been backported to [5.15.64](https://www.linuxkernelcves.com/cves/CVE-2022-39190) version of the upstream Linux kernel (5.15 is the upstream Kernel long term version Talos ships with). Talos >= v1.2.0 is shipped with Linux Kernel 5.15.64 fixing the above issue. ### Workarounds It's recommended to upgrade ### References - https://www.sesin.at/2022/09/02/cve-2022-39190-linux-kernel-up-to-5-19-5-nf_tables_api-c-nft_verdict_init-denial-of-service/ - https://nvd.nist.gov/vuln/detail/CVE-2022-39190 ### For more informa...

GHSA-34vw-m4rh-r36p: Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM

### Impact A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. ### Patches The fix has been backported to [5.15.64](https://www.linuxkernelcves.com/cves/CVE-2022-3028) version of the upstream Linux kernel (5.15 is the upstream Kernel long term version Talos ships with). Talos >= v1.2.0 is shipped with Linux Kernel 5.15.64 fixing the above issue. Kubernetes workloads running in Talos are not affected since user namespaces are disabled in Talos kernel config. So an unprivileged user cannot obtain CAP_NET_ADMIN by unsharing. However untrusted workloads that run with privileged: true or having NET_ADMIN capability poses a risk. ### Workarounds Audit kubernetes workloads running in the cluster with ...

CVE-2022-36402: Invalid Bug ID

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).