
1558 matches found

Tenable Nessus
added 2022/07/22 12:0 a.m. | 56 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-032)

The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-032 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...

8.2 CVSS | 6.8 AI score | 0.0224 EPSS
Exploits 10 | References 14

Tenable Nessus
added 2022/07/21 12:0 a.m. | 29 views

SUSE SLES12 Security Update : kernel (Live Patch 24 for SLE 12 SP5) (SUSE-SU-2022:2438-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2438-1 advisory. - A race condition was found in the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug...

7 CVSS | 7 AI score | 0.00178 EPSS
Exploits 0 | References 10

Tenable Nessus
added 2022/07/21 12:0 a.m. | 57 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-016)

The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-016 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...

8.2 CVSS | 6.9 AI score | 0.0224 EPSS
Exploits 11 | References 19

Tenable Nessus
added 2022/07/21 12:0 a.m. | 52 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-030)

The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-030 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...

8.2 CVSS | 6.8 AI score | 0.0224 EPSS
Exploits 10 | References 14

Tenable Nessus
added 2022/07/21 12:0 a.m. | 42 views

SUSE SLES12 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:2444-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2444-1 advisory. - A race condition was found in the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug...

7 CVSS | 7.1 AI score | 0.00178 EPSS
Exploits 0 | References 10

Amazon
added 2022/07/15 12:0 a.m. | 1 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for format_count earlier (CVE-2021-47659). Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port generation algorithm in the net/ipv4/tcp.c...

8.2 CVSS | 5.7 AI score | 0.0224 EPSS
Exploits 10

CNNVD
added 2022/07/08 12:0 a.m. | 1 views

Node.js Operating System Command Injection Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. Node.js suffers from an operating system command injection vulnerability that stems from the inability of IsIPAddress to properly check for an invalid IP address. When an invalid IPv4 address is supplied, the browser will...

8.1 CVSS | 8 AI score | 0.00064 EPSS
Exploits 0 | References 32

FreeBSD
added 2022/07/05 12:0 a.m. | 58 views

Node.js -- July 7th 2022 Security Releases

Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium) (CVE-2022-32213): The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). HTTP Request Smuggling - Improper Delimiting of...

8.1 CVSS | 7.5 AI score | 0.86472 EPSS
Exploits 4 | References 1

OSV
added 2022/06/29 11:3 a.m. | 1 views

OESA-2022-1727 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw...

7.8 CVSS | 6.2 AI score | 0.00178 EPSS
Exploits 1 | References 4

Rockylinux
added 2022/06/28 8:28 a.m. | 17 views

lldb bug fix and enhancement update

An update is available for lldb. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. LLDB is a next generation, high-performance debugger. It is built as a set of...

0.9 AI score
Exploits 0

Tenable Nessus
added 2022/06/21 12:0 a.m. | 61 views

Oracle Linux 8 : kernel (ELSA-2022-9496)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9496 advisory. - debug: lockdown kgdb Orabug: 34270802 CVE-2022-21499 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

6.7 CVSS | 6.6 AI score | 0.00178 EPSS
Exploits 0 | References 2

OSSF Malicious Packages
added 2022/06/20 8:22 p.m. | 2 views

Malicious code in advanced-wp-debugger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fef1ec84f4bb1ea8fbe94dcf92aaf76599a7124588be3dd18e000aff7b89c0e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2022/06/20 8:21 p.m. | 2 views

Malicious code in debugger-evil-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60c944bf3379b2fdf578e9176fed770942b3a07f717997aa5ce5cdf8689fcbe7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1

Tenable Nessus
added 2022/06/17 12:0 a.m. | 75 views

Oracle Linux 7 : kernel (ELSA-2022-9495)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9495 advisory. 3.10.0-1160.66.1.0.2.el7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 Tenable has extracted the preceding description block directly from the Oracle...

6.7 CVSS | 6.6 AI score | 0.00178 EPSS
Exploits 0 | References 2

Veracode
added 2022/06/16 5:18 p.m. | 43 views

Privilege Escalation

linux is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of access to the kernel debugger when booted in secure boot environments allowing an attacker to bypass UEFI Secure Boot restrictions...

7.8 CVSS | 7.4 AI score | 0.0002 EPSS
Exploits 1 | References 4 | Affected Software 4

RedhatCVE
added 2022/06/14 11:29 a.m. | 47 views

CVE-2022-21499

A flaw was found in the kernel/debug/debug_core.c in the Linux kernel in lockdown mode. This flaw allows an attacker with local access to trigger the debugger, bypass lockdown and write anonymously. Mitigation: Mitigation for this issue is either not available or the currently available options don...

6.7 CVSS | 2.5 AI score | 0.00178 EPSS
Exploits 0 | References 4

OSV
added 2022/06/09 9:15 p.m. | 6 views

CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

6.7 CVSS | 6.9 AI score
Exploits 0 | References 3

NVD
added 2022/06/09 9:15 p.m. | 19 views

CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

6.7 CVSS | 0.00178 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2022/06/09 9:15 p.m. | 3 views

CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

6.7 CVSS | 6.7 AI score | 0.00178 EPSS
Exploits 0 | References 4

OSV
added 2022/06/09 9:15 p.m. | 1 views

DEBIAN-CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7...

6.7 CVSS | 6.3 AI score | 0.00178 EPSS
Exploits 0 | References 1