DEBIAN-CVE-2022-33987
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket...
CVE-2022-33987
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket...
Design/Logic Flaw
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket...
UBUNTU-CVE-2022-33987
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket...
CVE-2022-33987
CVE-2022-33987 affects the Node.js got package. The vulnerability allows a redirect to a UNIX socket due to how redirects are handled. IBM/related advisories confirm the issue and that fixes are in got v12.1.0 and v11.8.5. Remediation: upgrade to 12.1.0+ (or 11.8.5+). Base scoring shown as MEDIUM...
PT-2022-21949
Name of the Vulnerable Software and Affected Versions: got package versions prior to 12.1.0; got package versions prior to 11.8.5. Description: The issue allows a redirect to a UNIX socket. This is related to the got package for Node.js. Recommendations: For versions prior to 12.1.0, update to version...
Security update for caddy (moderate)
openSUSE Security Update: Security update for caddy Announcement ID: openSUSE-SU-2022:10007-1 Rating: moderate References: 1200279 Cross-References: CVE-2022-297182 Affected Products: openSUSE Backports SLE-15-SP4 An update that fixes one vulnerability is now available. Description: This update f...
[SECURITY] [DLA 3047-1] avahi security update
Debian LTS Advisory DLA-3047-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 07, 2022 https://wiki.debian.org/LTS Package : avahi Version : 0.6.32-2+deb9u1 CVE ID : CVE-2021-3468 CVE-2021-26720 Debian Bug : 984938 It was discovered that the Debian package o...
SUSE-SU-2022:1815-1 Security update for slurm_20_11
This update for slurm_20_11 fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to...
Incorrect Default Permissions
github.com/cilium/cilium has incorrect default permissions. A malicious user belonging to the group ID 1000 is able to access the cilium API via the Unix domain socket, allowing unintended file system access...
CVE-2022-29178 Incorrect Default Permissions in Cilium
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
PT-2022-19432 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.9.16 Cilium versions prior to 1.10.11 Cilium versions prior to 1.11.5 Description: Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. It...
SUSE-SU-2022:1666-1 Security update for slurm
This update for slurm fixes the following issues: - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrar...
kernel: fget: check that the fd still exists after getting a ref to it
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...
USN-5294-2 linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Szymon Heidrich discovered that the USB Gadget...
USN-5295-2 linux, linux-aws, linux-aws-5.13, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities
It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Jann Horn discovered a race condition in the Un...