XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Security Vulnerabilities

Oracle Linux 8 : ELSA-2022-9074-1: / thunderbird (ELSA-2022-90741)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90741 advisory. Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and...

Oracle Linux 7 : ELSA-2022-9079-1: / thunderbird (ELSA-2022-90791)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90791 advisory. A use-after-free in WebGL extensions could have led to a potentially exploitable crash. (CVE-2022-46882) Mozilla: Quoting from an HTML email with...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5782-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5782-1 advisory. An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. (CVE-2022-46871) An attacker who...

Debian DSA-5301-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5301 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug...

Oracle Linux 7 : ELSA-2022-9072-1: / firefox (ELSA-2022-90721)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90721 advisory. A use-after-free in WebGL extensions could have led to a potentially exploitable crash. (CVE-2022-46882) A file with a long filename could have...

CVE-2022-46872

The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Firefox for Linux. Other operating systems are...

Reassessing cyberwarfare. Lessons learned in 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

Design/Logic Flaw

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Notes Author| Note ---|--- alexmurray | The Debian chromium source package is called chromium-browser in.....

Mozilla Firefox Security Advisory (MFSA2022-51) - Linux

This host is missing a security update for Mozilla...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:4461-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4461-1 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-348-02)

The version of mozilla-thunderbird installed on the remote host is prior to 102.6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-348-02 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary ...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:4462-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4462-1 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:4460-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4460-1 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via...

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

FreeBSD : chromium -- multiple vulnerabilities (83eb9374-7b97-11ed-be8f-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 83eb9374-7b97-11ed-be8f-3065ec8fd3ec advisory. Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-039)

The version of kernel installed on the remote host is prior to 5.4.224-128.414. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-039 advisory. 2024-05-23: CVE-2021-47103 was added to this advisory. A memory overflow vulnerability was found in the...

CVE-2022-46872

An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.This bug only affects Thunderbird for Linux. Other operating systems are unaffected.. This vulnerability affects Firefox < 108, Firefox ESR < 102.6...

Slackware Linux 15.0 mozilla-firefox Multiple Vulnerabilities (SSA:2022-348-01)

The version of mozilla-firefox installed on the remote host is prior to 102.6.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-348-01 advisory. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary ...

Mozilla Firefox ESR < 102.6

The version of Firefox ESR installed on the remote Windows host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-52 advisory. A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. ...

Security Vulnerabilities fixed in Firefox 108 — Mozilla

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.This bug only affects Firefox for Linux. Other...

Mozilla Firefox < 108.0

The version of Firefox installed on the remote Windows host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. ...

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 8 security fixes, including: [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability.....

Mozilla Firefox ESR < 102.6

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-52 advisory. A missing check related to tex units could have led to a use-after-free and potentially exploitable...

Mozilla Thunderbird < 102.6

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-53 advisory. A missing check related to tex units could have led to a use-after-free and potentially exploitable...

Google Chrome < 108.0.5359.124 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 108.0.5359.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_12_stable-channel-update-for-desktop_13 advisory. Use after free in Blink Media. (CVE-2022-4436) Use after free in Mojo...

Google Chrome < 108.0.5359.125 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 108.0.5359.125. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_12_stable-channel-update-for-desktop_13 advisory. Use after free in Blink Media. (CVE-2022-4436) Use after free in Mojo...

KLA20125 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: Use after free vulnerability in Blink Frames can be exploited to cause denial of service or...

Google Chrome < 108.0.5359.124 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 108.0.5359.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_12_stable-channel-update-for-desktop_13 advisory. Use after free in Blink Media. (CVE-2022-4436) Use after free in Mojo...

Mozilla Thunderbird < 102.6

The version of Thunderbird installed on the remote Windows host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-53 advisory. A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. ...

Mozilla Firefox < 108.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. ...

Security Vulnerabilities fixed in Firefox ESR 102.6 — Mozilla

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.This bug only affects Firefox for Linux....

Security Vulnerabilities fixed in Thunderbird 102.6 — Mozilla

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.This bug only affects Thunderbird for Linux......

Stable Channel Update for Desktop

The Stable channel has been updated to 108.0.5359.124 for Mac and Linux and 108.0.5359.124/.125 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. The Extended Stable channel has been updated to 108.0.5359.124 for Mac and...

Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-3759)

Summary There is a vulnerability in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Vulnerability Details ** CVEID: CVE-2021-3759 DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a memory overflow in the ipc function in the...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-023)

The version of kernel installed on the remote host is prior to 5.10.155-138.670. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-023 advisory. 2024-05-23: CVE-2021-47103 was added to this advisory. A memory overflow vulnerability was found in the...

Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL

...

Wipermania: An All You Can Wipe Buffet

Wipermania: An All You Can Wipe Buffet By Max Kersten · November 15, 2022 In early 2022, Ukrainian companies were struck by multiple destructive wipers, attacking various organizations across sectors. This raised questions about the usage and impact of “digital weapons” within the security...

Wipermania: An All You Can Wipe Buffet

Wipermania: An All You Can Wipe Buffet By Max Kersten · November 15, 2022 In early 2022, Ukrainian companies were struck by multiple destructive wipers, attacking various organizations across sectors. This raised questions about the usage and impact of “digital weapons” within the security...

ipc: mqueue: fix possible memory leak in init_mqueue_fs()

ipc: mqueue: fix possible memory leak in init_mqueue_fs() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

perl: Fix of CVE-2020-16156

CVE-2020-16156: recognize CANNOT_VERIFY signature verification...

WebKit HTMLSelectElement Use-After-Free Exploit

...

WebKit HTMLSelectElement Use-After-Free

...

kernel security, bug fix, and enhancement update

[5.14.0-70.30.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.30.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the.....

openSUSE 15 Security Update : EternalTerminal (openSUSE-SU-2022:10187-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10187-1 advisory. A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition,...