Ubuntu: Security Advisory (USN-5484-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-5465-1)
The remote host is missing an update for the...
LSN-0089-1: Kernel Live Patch Security Notice
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:2482-1)
The remote SUSE Linux SLES12 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2482-1 advisory. - A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-032)
The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-032 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...
SUSE SLES12 Security Update : kernel (Live Patch 24 for SLE 12 SP5) (SUSE-SU-2022:2438-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2438-1 advisory. - A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-016)
The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-016 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-030)
The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-030 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...
SUSE SLES12 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:2444-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2444-1 advisory. - A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for format_count earlier (CVE-2021-47659). Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c...
Node.js Operating System Command Injection Vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. Node.js suffers from an operating system command injection vulnerability that stems from the inability of IsIPAddress to properly check for an invalid IP address. When an invalid IPv4 address is supplied, the browser will...
Node.js -- July 7th 2022 Security Releases
Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium) (CVE-2022-32213): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). HTTP Request Smuggling - Improper Delimiting of...
OESA-2022-1727 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw...
lldb bug fix and enhancement update
An update is available for lldb. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. LLDB is a next generation, high-performance debugger. It is built as a set of...
Oracle Linux 8 : kernel (ELSA-2022-9496)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9496 advisory. - debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
Malicious code in advanced-wp-debugger (npm)
Source: ghsa-malware (fef1ec84f4bb1ea8fbe94dcf92aaf76599a7124588be3dd18e000aff7b89c0e2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in debugger-evil-lib (npm)
Source: ghsa-malware (60c944bf3379b2fdf578e9176fed770942b3a07f717997aa5ce5cdf8689fcbe7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Oracle Linux 7 : kernel (ELSA-2022-9495)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9495 advisory. [3.10.0-1160.66.1.0.2.el7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}. Tenable has extracted the preceding description block directly from the Oracle...
Privilege Escalation
Linux is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of access to the kernel debugger when booted in secure boot environments, allowing an attacker to bypass UEFI Secure Boot restrictions...
CVE-2022-21499
A flaw was found in the kernel/debug/debug_core.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously. Mitigation: Mitigation for this issue is either not available or the currently available options don...