AlmaLinux 8 : kernel-rt (ALSA-2023:3350)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3350 advisory. - In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6123-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6123-1 advisory. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests,...

USN-6026-1 vim vulnerabilities

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. CVE-2021-4166 It was discovered that Vim was using freed memory when dealing...

SUSE CVE-2022-1943

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udfwritefi. A local user could use this flaw to crash the system or potentially...

Insufficient Verification of Proofs generated by the immudb server in client SDK.

Impact In certain scenario a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list o...

kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffermutex and mmaplock syzbot caught a potential deadlock between the PCM runtime-buffermutex and the mm-mmaplock. It was brought by the recent fix to cover the racy read/write and other...

RHEL 8 : kernel (RHSA-2022:7279)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7279 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: a use-after-free in clsroute...

CVE-2022-40307

A race condition in the Linux kernel's EFI capsule loader driver was found in the way it handled write and flush operations on the device node of the EFI capsule. A local user could potentially use this flaw to crash the system...

RHEL 8 : kernel-rt (RHSA-2022:6437)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6437 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

RHEL 8 : kernel (RHSA-2022:6460)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6460 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Incomplete cleanup of multi-core share...

CVE-2022-36086 linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

linkedlistallocator is an allocator usable for nostd systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because...

OracleVM 3.4 : xen (OVMSA-2022-0023)

The remote OracleVM system is missing necessary patches to address security updates: - Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21123 - Incomplete cleanup of...

RHEL 7 : kernel (RHSA-2022:5937)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5937 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Incomplete cleanup of multi-core share...

RHEL 7 : kernel-rt (RHSA-2022:5939)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5939 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

Critical: exim

Issue Overview: Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory owned by a non-root user, a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. CVE-2020-28007 Exim 4 before 4.94....

Amazon Linux 2 : golang (ALAS-2022-1811)

The version of golang installed on the remote host is prior to 1.16.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1811 advisory. An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with...

USN-5486-1: Intel Microcode vulnerabilities

It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. CVE-2021-0127 Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could u...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1506)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...

EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-1449)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header falsely designating that many files are present can cause ...

Design/Logic Flaw

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati2dblt routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QE...