
1822 matches found

Veracode
added 2022/10/24 8:4 p.m., 4 views

Privilege Escalation

Linux is vulnerable to privilege escalation. The vulnerability exists because of a race condition in the io_uring subsystem, which allows a local attacker to execute code on the affected systems with elevated privileges...

7 CVSS, 6.8 AI score, 0.0127 EPSS
Exploits 2, References 8, Affected Software 1

Vulnrichment
added 2022/10/11 12:0 a.m., 8 views

CVE-2022-42717

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...

7.5 AI score, 0.00227 EPSS
Exploits 0, References 3

Tenable Nessus
added 2022/08/10 12:0 a.m., 33 views

GLSA-202208-07 : LibRaw: Stack buffer overread

The remote host is affected by the vulnerability described in GLSA-202208-07 LibRaw: Stack buffer overread - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identifyprocessdngfields in identify.cpp. CVE-2020-24870 Note that Nessus has not tested for this issue but has instead relied...

8.8 CVSS, 8.2 AI score, 0.01625 EPSS
Exploits 0, References 3

Kitploit
added 2022/07/25 12:30 p.m., 48 views

Bpflock - eBPF Driven Security For Locking And Auditing Linux Machines

bpflock - eBPF driven security for locking and auditing Linux machines. Note: bpflock is currently in experimental stage , it may break, options and security semantics may change, some BPF programs will be updated to use Cilium ebpf library. 1. Introduction bpflock uses eBPF to strength Linux...

7.5 AI score
Exploits 0, References 22

Tenable Nessus
added 2022/07/07 12:0 a.m., 35 views

Oracle Linux 7 : containerd (ELSA-2021-15790)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-15790 advisory. - Address CVE-2021-32760 docker-cli - updated containerd minimum version to 1.4.8 to address CVE-2021-32760. docker-engine Tenable has extracted the preceding...

6.8 CVSS, 6.4 AI score, 0.01608 EPSS
Exploits 2, References 2

RedHat Linux
added 2022/07/05 9:6 p.m., 1 views

cri-o: Default inheritable capabilities for linux container should be empty

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs...

5.3 CVSS, 6.2 AI score, 0.00239 EPSS
Exploits 0, References 5

CVE
added 2022/07/05 12:50 p.m., 217 views

CVE-2022-33740

Summary: The CVE-2022-33740 issue concerns the Linux Block and Network PV device frontends leaking data to the backend. The root cause described in the sources is that memory regions are not zeroed before sharing with the backend, and the grant-table granularity (4K pages) means data from differe...

7.1 CVSS, 7.2 AI score, 0.00321 EPSS
Exploits 0, References 7, Affected Software 1

Tenable Nessus
added 2022/06/22 12:0 a.m., 59 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-1926)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container...

7.8 CVSS, 6.3 AI score, 0.02209 EPSS
Exploits 3, References 5

Photon
added 2022/06/21 12:0 a.m., 54 views

Important Photon OS Security Update - PHSA-2022-0488

Updates of 'linux-aws', 'linux-esx', 'linux-secure', 'linux' packages of Photon OS have been released...

7 CVSS, 1.7 AI score, 0.00419 EPSS
Exploits 0

BDU FSTEC
added 2022/05/26 12:0 a.m., 1 views

The vulnerability of the XFRM subsystem in the Linux operating system allows a hacker to gain access to confidential information or cause a service failure.

The vulnerability of the XFRM subsystem in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...

7.8 CVSS, 6.5 AI score, 0.00503 EPSS
Exploits 1, References 18, Affected Software 3

The Hacker News
added 2022/05/20 11:18 a.m., 34 views

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its...

1.8 AI score
Exploits 0

ArchLinux
added 2022/05/16 12:0 a.m., 41 views

[ASA-202205-3] thunderbird: multiple issues

Arch Linux Security Advisory ASA-202205-3 ========================================= Severity: High Date : 2022-05-16 CVE-ID : CVE-2022-1520 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29913 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 Package : thunderbird Type : multiple issues Remote ...

9.3 AI score, 0.01005 EPSS
Exploits 3, References 31

RedHat Linux
added 2022/04/26 8:56 p.m., 3 views

buildah: Default inheritable capabilities for linux container should be empty

A flaw was found in buildah, where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs wi...

6.8 CVSS, 5.7 AI score, 0.01185 EPSS
Exploits 0, References 5

The Hacker News
added 2022/04/18 12:44 p.m., 20 views

Benchmarking Linux Security – Latest Research Findings

How well do your Linux security practices stack up in today's challenging operating environment? Are you following the correct processes to keep systems up-to-date and protected against the latest threats? Now you can find out thanks to research independently conducted by the Ponemon Institute. T...

7.1 AI score
Exploits 0

OSV
added 2022/04/04 3:49 p.m., 8 views

SUSE-SU-2022:1108-1 Security update for util-linux

This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. bsc1194642 - Prevent root owning of /var/lib/libuuid/clock.txt. bsc1194642 - Warn if uuidd lock state is not usable. bsc1194642...

5.5 CVSS, 6 AI score, 0.00661 EPSS
Exploits 1, References 16

AlmaLinux
added 2022/03/10 2:43 p.m., 101 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel 4.18.0. BZ2036888 Security Fixes: kernel: improper initialization of the "flags" member of the new pipebuffer CVE-2022-0847 kernel: U...

9 CVSS, 8.4 AI score, 0.89063 EPSS
Exploits 119, References 8

OSV
added 2022/03/01 12:15 p.m., 2 views

CVE-2021-44747

A Denial-of-Service DoS vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the...

6.5 CVSS, 5.7 AI score, 0.0061 EPSS
Exploits 0, References 1

Prion
added 2022/03/01 12:15 p.m., 24 views

Denial of service

A Denial-of-Service DoS vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the...

4.3 CVSS, 6.4 AI score, 0.0061 EPSS
Exploits 0, References 1, Affected Software 5

Cvelist
added 2022/03/01 11:55 a.m., 17 views

CVE-2021-44747 Denial-of-Service (DoS) Vulnerability

A Denial-of-Service DoS vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the...

4.6 CVSS, 6.6 AI score, 0.0061 EPSS
Exploits 0, References 1

CVE
added 2022/03/01 11:55 a.m., 104 views

CVE-2021-44747

CVE-2021-44747: A DoS vulnerability in F-Secure Linux Security targets the Fmlib component. The vulnerability can crash while scanning fuzzed files and can be triggered remotely, causing denial of service to the Anti-Virus engine. Affected outcome is a partial availability impact for the AV compo...

6.5 CVSS, 5.5 AI score, 0.0061 EPSS
Exploits 0, References 1, Affected Software 5