KubeVirt vulnerable to arbitrary file read on host
Impact Users with the permission to create VMIs can construct VMI specs which allow them to read arbitrary files on the host. There are three main attack vectors: 1. Some path fields on the VMI spec were not properly validated and allowed passing in relative paths which would have been mounted in...
CVE-2022-38007
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability...
CVE-2022-38007 Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability
CVE-2022-38007
CVE-2022-38007 affects Azure Guest Configuration and Azure Arc-enabled servers. The vulnerability enables local elevation of privilege by potentially replacing Microsoft-shipped code used by the Guest Configuration daemon (and related GC Arc Service/Extension daemons) and executing it with higher...
PT-2022-5825 · Microsoft · Azure Arc +1
Name of the Vulnerable Software and Affected Versions: Azure Guest Configuration and Azure Arc-enabled servers affected versions not specified Description: The issue is related to insufficient access controls in the Azure Guest Configuration component, which is part of the Azure Policy service an...
DEBIAN-CVE-2022-31152
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
CVE-2022-31152 Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
DEBIAN-CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
CVE-2022-1117
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption about how glibc names the runtime linker: a build-time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the runtime linker...
Ubuntu: Security Advisory (USN-72-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
OPENSUSE-SU-2022:10099-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 104.0.5112.101 (boo#1202509): CVE-2022-2852: Use after free in FedCM; CVE-2022-2854: Use after free in SwiftShader; CVE-2022-2855: Use after free in ANGLE; CVE-2022-2857: Use after free in Blink; CVE-2022-2858: Use after free in Sign-In Flow...
thunderbird security update
91.13.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 91.13.0-1 - Update to 91.13.0 build1...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2217)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections...
Improper access control
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control, as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (the default)...
Medium: kernel-livepatch-4.14.276-211.499
Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.276-211.499 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.276-211.499 or yum update --advisory ALAS2LIVEPATCH-2022-091 to update your system. New...
PT-2022-14855 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7 through 15.0.4 GitLab CE/EE versions 15.1 through 15.1.3 GitLab CE/EE versions 15.2 through 15.2.0 Description: The issue is related to an improper access control check, allowing a malicious authenticated user to vi...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2153)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2128)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections...
CVE-2022-21505
In the Linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover case...