SUSE-SU-2022:2177-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. bsc1200019 - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted...
PT-2022-3265 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based Description: The issue is related to synchronization errors when using a shared resource, which can allow an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a...
The vulnerability of the Titan FTP Server NextGen installer allows a hacker to execute arbitrary commands with elevated privileges.
The vulnerability of the Titan FTP Server NextGen installer is related to errors during the installation of Microsoft SQL Express 2019. Exploiting this vulnerability allows an attacker to execute arbitrary commands with elevated privileges...
GHSA-XGGC-QPRG-X6MW Weave GitOps leaked cluster credentials into logs on connection errors
Impact A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster...
The vulnerability of the Dynamic Voltage and Frequency Scaling (DVFS) technology implemented in Intel microprocessor software allows attackers to launch attacks through external channels and disclose sensitive information.
The vulnerability of the Dynamic Voltage and Frequency Scaling DVFS technology implemented in Intel microprocessor software is related to errors during the dynamic frequency adjustment process. Exploiting this vulnerability can allow a remote attacker to launch an attack through external channels...
The vulnerability of microprogrammed software in Intel SSD solid-state drives, related to resource release errors, allows a hacker to cause a service failure.
The vulnerability of Intel SSD microprogramming software is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Doc.media.newPlayer method allows attackers to execute arbitrary code through Adobe Reader and Adobe Acrobat programs used for viewing and editing PDF files.
The vulnerability of the Doc.media.newPlayer method in PDF file viewing and editing software like Adobe Reader and Adobe Acrobat is related to resource management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Yandex Browser Lite browser for Android allows a hacker to replace the value of the URL bar with a spoofing IDN.
The vulnerability of the Yandex Browser Lite browser for Android is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to remotely replace values in the address bar using IDN spoofing techniques...
The vulnerability of the Anti-Phishing function of the Yandex Browser allows a hacker to bypass existing security restrictions.
The vulnerability of the Anti-Phishing function of the Yandex Browser is related to security configuration errors. Exploiting this vulnerability can allow a remote attacker to bypass existing security restrictions...
The vulnerability of the Yandex Browser’s Safe WiFi technology allows a hacker to expose protected information.
The vulnerability of the Safe WiFi technology of the Yandex Browser is related to resource release errors. Exploiting this vulnerability can allow a remote attacker to disclose protected information...
The vulnerability of the Yandex Browser, related to errors in processing symbolic links, allows attackers to escalate their privileges.
The vulnerability of the Yandex Browser is related to errors in processing symbolic links when loading the installation file. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the DNS Server component of the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the DNS Server component of the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the client device during the installation and preliminary configuration of new devices under Windows Autopilot of the Microsoft operating system allows attackers to perform spear-phishing attacks.
The vulnerability of the client software for installing and preliminarily configuring new devices under Windows Autopilot of the Microsoft operating system is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform...
SUSE-SU-2022:2116-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. bsc1199650 - CVE-2022-21123: Fixed a stale MMIO data...
OPENSUSE-SU-2022:10016-1 Security update for firejail
This update for firejail fixes the following issues: firejail was updated to version 0.9.70: - CVE-2022-31214 - root escalation in --join logic boo1199148 Reported by Matthias Gerstner, working exploit code was provided to our development team. In the same time frame, the problem was independentl...
Security update for firejail (important)
openSUSE Security Update: Security update for firejail Announcement ID: openSUSE-SU-2022:10016-1 Rating: important References: 1199148 Cross-References: CVE-2022-31214 CVSS scores: CVE-2022-31214 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-S...
OESA-2022-1712 python-bottle security update
Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. Security Fixes: Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799...
The vulnerability of the Windows Hyper-V hardware virtualization system allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to errors in information processing. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...
The vulnerability of Skype for Business Server in corporate communication servers lies in the lack of protection for service data, which allows attackers to carry out spoofing attacks.
The vulnerability of Skype for Business Server’s corporate communication servers is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks remotely...