Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2022-32166: flow: Avoid unsafe comparison of minimasks. · cloudbase/ovs@2ed6505

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

CVE
#vulnerability#linux
Red Hat Shares ― Edge computing: Security

The Red Hat Shares newsletter helps IT leaders navigate the complicated world of IT―the open source way.

CVE-2022-3303

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition

CVE-2022-40878: Offensive Security’s Exploit Database Archive

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).

CVE-2022-40877: Offensive Security’s Exploit Database Archive

Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.

COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read

COVESA versions 2.18.8 and below suffer from heap buffer over-read and null pointer dereference vulnerabilities.

Red Hat Security Advisory 2022-6700-01

Red Hat Security Advisory 2022-6700-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6701-01

Red Hat Security Advisory 2022-6701-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-5640-1

Ubuntu Security Notice 5640-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.