Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2022-1729: security - CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

CVE
#vulnerability#web#mac#windows#linux#git#php#auth
CVE-2022-2739: Invalid Bug ID

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.

CVE-2022-2738: Red Hat Customer Portal - Access to 24x7 support and knowledge

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.

CVE-2022-3078

An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.

CVE-2022-3061

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.

CVE-2020-27784

A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().

CVE-2022-28199: Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) - August 2022

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Red Hat Security Advisory 2022-6306-01

Red Hat Security Advisory 2022-6306-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6314-01

Red Hat Security Advisory 2022-6314-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2022-6312-01

Red Hat Security Advisory 2022-6312-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a privilege escalation vulnerability.