Jetson Nano, Jetson Nano 2GB Security Vulnerabilities

openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1130)

The remote host is missing an update for the Huawei...

7.8CVSS

8.5AI Score

0.004EPSS

2023-01-09 12:00 AM
5
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.315.5] - Revert 'xfs: Lower CIL flush limit for large logs' (Sherry Yang) [Orabug: 34917369] - Revert 'xfs: Throttle commits on delayed background CIL push' (Sherry Yang) [Orabug: 34917369] - Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug:...

7.8CVSS

-0.5AI Score

0.001EPSS

2023-01-09 12:00 AM
26
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.315.5] - Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug: 34917369] [5.4.17-2136.315.4] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888473] - uek-rpm: Add ptp_kvm.ko to nano rpm (Somasundaram Krishnasamy) [Orabug:...

7.8CVSS

-0.6AI Score

0.001EPSS

2023-01-09 12:00 AM
24
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.521.4.el7] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 34883100] [4.14.35-2047.521.3.el7] - Revert 'random: use expired timer rather than wq for mixing fast pool' (Saeed Mirzamohammadi) [Orabug: 34918228] [4.14.35-2047.521.2.el7] -...

7.8CVSS

AI Score

0.0004EPSS

2023-01-09 12:00 AM
57
nessus

EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2023-1106)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

0.2AI Score

0.004EPSS

2023-01-06 12:00 AM
9
nessus

EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2023-1130)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

8AI Score

0.004EPSS

2023-01-06 12:00 AM
6
nessus

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-1016)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

0.2AI Score

0.004EPSS

2023-01-05 12:00 AM
11
attackerkb

CVE-2022-44877

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Recent assessments: h00die-gr3y at January 14, 2023 6:25pm UTC reported: This vulnerability is all...

9.8CVSS

AI Score

0.974EPSS

2023-01-05 12:00 AM
18
nessus

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-1041)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

0.2AI Score

0.004EPSS

2023-01-05 12:00 AM
12
cve

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other...

7.9CVSS

7.1AI Score

0.0004EPSS

2022-12-30 11:15 PM
32
cve

CVE-2022-42270

NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_task_submit, where unvalidated input may allow a local attacker to cause stack-based buffer overflow in kernel code, which may lead to escalation of privileges, compromised integrity and confidentiality, and denial of...

7.8CVSS

7.7AI Score

0.001EPSS

2022-12-30 11:15 PM
35
filippoio

My age+YubiKeys Password Management Solution

Password managers are in the news, and it's the holidays, so it's as good a time as ever to describe my password and secret management setup. It's very much not for everyone, but it's minimal, simple, and has some interesting security properties: even if my laptop were compromised, it would take...

6.7AI Score

2022-12-28 12:18 PM
53
nessus

Fedora 36 : libxml2 / xmlsec1 (2022-aeafd24818)

The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-aeafd24818 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

7.8CVSS

-0.2AI Score

0.004EPSS

2022-12-23 12:00 AM
14
talos

OpenImageIO TIFF file string field information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1627 OpenImageIO TIFF file string field information disclosure vulnerability December 22, 2022 CVE Number CVE-2022-41977 SUMMARY An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A.....

3.3CVSS

-0.5AI Score

0.001EPSS

2022-12-22 12:00 AM
31
openvas

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2022-2837)

The remote host is missing an update for the Huawei...

7.5CVSS

7.8AI Score

0.01EPSS

2022-12-22 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2022-2863)

The remote host is missing an update for the Huawei...

7.5CVSS

7.8AI Score

0.01EPSS

2022-12-22 12:00 AM
3
nessus

EulerOS 2.0 SP10 : yajl (EulerOS-SA-2022-2837)

According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

7.5CVSS

8.6AI Score

0.01EPSS

2022-12-21 12:00 AM
10
nessus

macOS 12.x < 12.6.2 Multiple Vulnerabilities (HT213533)

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.2. It is, therefore, affected by multiple vulnerabilities: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1. An app may be able to...

9.8CVSS

7.9AI Score

0.01EPSS

2022-12-13 12:00 AM
20
nessus

macOS 11.x < 11.7.2 Multiple Vulnerabilities (HT213534)

The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.7.2. It is, therefore, affected by multiple vulnerabilities: This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2....

9.8CVSS

7.8AI Score

0.01EPSS

2022-12-13 12:00 AM
16
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.314.6.2] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1] - RDMA/uverbs: Move...

7.8CVSS

0.6AI Score

0.0005EPSS

2022-12-12 12:00 AM
16
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.314.6.2.el7] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1.el7] - RDMA/uverbs:...

7.8CVSS

0.6AI Score

0.0005EPSS

2022-12-12 12:00 AM
23
nessus

Amazon Linux 2022 : libxml2 (ALAS2022-2022-258)

The version of libxml2 installed on the remote host is prior to 2.10.3-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-258 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the ...

7.8CVSS

AI Score

0.004EPSS

2022-12-10 12:00 AM
8
nessus

Amazon Linux 2022 : xmlsec1 (ALAS2022-2022-257)

The version of xmlsec1 installed on the remote host is prior to 1.2.33-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-257 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the ...

7.8CVSS

AI Score

0.004EPSS

2022-12-09 12:00 AM
13
openvas

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2022-2812)

The remote host is missing an update for the Huawei...

7.5CVSS

7.8AI Score

0.01EPSS

2022-12-09 12:00 AM
2
nessus

EulerOS 2.0 SP8 : libxml2 (EulerOS-SA-2022-2800)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

7.8CVSS

0.2AI Score

0.004EPSS

2022-12-08 12:00 AM
11
nessus

EulerOS 2.0 SP8 : yajl (EulerOS-SA-2022-2812)

According to the versions of the yajl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

7.5CVSS

8.5AI Score

0.01EPSS

2022-12-08 12:00 AM
7
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : libxml2 vulnerabilities (USN-5760-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5760-1 advisory. NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies...

7.8CVSS

8.3AI Score

0.005EPSS

2022-12-07 12:00 AM
20
nessus

Ubuntu 16.04 ESM : libxml2 vulnerabilities (USN-5760-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5760-2 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several...

7.8CVSS

8.3AI Score

0.004EPSS

2022-12-07 12:00 AM
8
trellix

The Bug Report – November 2022 Edition

The Bug Report — November 2022 Edition By Trellix · December 07, 2022 This blog was written by Austin Emmitt Like granny always said, “never hack on an empty stomach.” Why am I here? This year I am thankful for some vivifying vulnerabilities and exceptional exploits! The world of enterprise...

9.3AI Score

0.492EPSS

2022-12-07 12:00 AM
44
trellix

The Bug Report – November 2022 Edition

The Bug Report — November 2022 Edition By Trellix · December 07, 2022 This blog was written by Austin Emmitt Like granny always said, “never hack on an empty stomach.” Why am I here? This year I am thankful for some vivifying vulnerabilities and exceptional exploits! The world of enterprise...

8.7AI Score

0.492EPSS

2022-12-07 12:00 AM
6
nvidia

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - November 2022

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX), and Jetson Nano™ devices (including Jetson Nano 2GB) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues.....

7.9CVSS

2.6AI Score

0.001EPSS

2022-11-30 12:00 AM
29
cve

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation...

7.5CVSS

6.9AI Score

0.004EPSS

2022-11-23 12:15 AM
230
8
nvd

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation...

7.5CVSS

0.004EPSS

2022-11-23 12:15 AM
2
alpinelinux

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation...

7.5CVSS

7.3AI Score

0.004EPSS

2022-11-23 12:15 AM
23
debiancve

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation...

7.5CVSS

4AI Score

0.004EPSS

2022-11-23 12:15 AM
21
osv

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation...

7.5CVSS

4AI Score

0.046EPSS

2022-11-23 12:15 AM
12
prion

Integer overflow

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation...

7.5CVSS

8.3AI Score

0.004EPSS

2022-11-23 12:15 AM
13
ubuntucve

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault....

7.5CVSS

7AI Score

0.004EPSS

2022-11-23 12:00 AM
22
cvelist

CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation...

7.1AI Score

0.004EPSS

2022-11-22 12:00 AM
nessus

Oracle Linux 9 : yajl (ELSA-2022-8252)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8252 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads...

7.5CVSS

8.3AI Score

0.01EPSS

2022-11-22 12:00 AM
4
nessus

Oracle Linux 8 : yajl (ELSA-2022-7524)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7524 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads...

7.5CVSS

8.3AI Score

0.01EPSS

2022-11-16 12:00 AM
7
openvas

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2022-2751)

The remote host is missing an update for the Huawei...

7.5CVSS

7.8AI Score

0.01EPSS

2022-11-14 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2022-2786)

The remote host is missing an update for the Huawei...

7.5CVSS

7.8AI Score

0.01EPSS

2022-11-14 12:00 AM
nessus

EulerOS 2.0 SP9 : yajl (EulerOS-SA-2022-2786)

According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

7.5CVSS

8.6AI Score

0.01EPSS

2022-11-14 12:00 AM
10
nessus

EulerOS 2.0 SP9 : yajl (EulerOS-SA-2022-2751)

According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

7.5CVSS

8.6AI Score

0.01EPSS

2022-11-14 12:00 AM
4
nessus

AlmaLinux 8 : yajl (ALSA-2022:7524)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7524 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to...

7.5CVSS

8.3AI Score

0.01EPSS

2022-11-12 12:00 AM
12
nessus

macOS 13.x < 13.0.1 Multiple Vulnerabilities (HT213504)

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.0.1. It is, therefore, affected by multiple vulnerabilities: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several...

7.8CVSS

7.3AI Score

0.004EPSS

2022-11-10 12:00 AM
15
nessus

SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2022:3871-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3871-1 advisory. Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709) An issue was...

7.8CVSS

7.6AI Score

0.004EPSS

2022-11-05 12:00 AM
53
nessus

Debian DLA-3172-1 : libxml2 - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3172 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer...

7.8CVSS

7.8AI Score

0.004EPSS

2022-10-31 12:00 AM
14
nessus

SUSE SLES12 Security Update : libxml2 (SUSE-SU-2022:3717-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3717-1 advisory. Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709) An issue was discovered in libxml2...

7.8CVSS

7.6AI Score

0.004EPSS

2022-10-26 12:00 AM
20
Total number of security vulnerabilities: 1276