2466 matches found

OSV
added 2022/11/02 12:0 a.m. · 41 views

ALSA-2022:7318 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585); unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594). For more details abou...

CVSS 7.8 · AI score 7 · EPSS 0.00412
Exploits 4 · References 6

RedHat Linux
added 2022/10/25 8:45 a.m. · 1 view

kernel: x86/speculation: Fill RSB on vmexit for IBRS

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly i...

CVSS 5.5 · AI score 6.3 · EPSS 0.00009
Exploits 0 · References 4

BDU FSTEC
added 2022/10/04 12:0 a.m. · 1 view

The vulnerability of the network firewall used for protecting web applications, Trustwave ModSecurity, arises from the execution of a loop with an unreachable exit condition. This allows attackers to trigger a service failure.

The vulnerability of the network firewall used for protecting web applications, Trustwave ModSecurity, is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially crafted HTTP...

CVSS 7.8 · AI score 7.3 · EPSS 0.03785
Exploits 2 · References 7 · Affected Software 2

BDU FSTEC
added 2022/09/21 12:0 a.m. · 2 views

The vulnerability of the QEMU hardware emulation software, related to executing a loop with an unreachable exit condition, allows a hacker to trigger a service failure.

The vulnerability of the QEMU hardware emulation engine is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows a perpetrator to trigger a service failure...

CVSS 6 · AI score 6.9 · EPSS 0.00006
Exploits 0 · References 11 · Affected Software 5

Tenable Nessus
added 2022/09/20 12:0 a.m. · 41 views

F5 Networks BIG-IP : GNU C Library vulnerability (K64119434)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K64119434 advisory. In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows...

CVSS 7.5 · AI score 6.5 · EPSS 0.01348
Exploits 1 · References 2

CNNVD
added 2022/09/20 12:0 a.m. · 2 views

Dataprobe iBoot-PDU authorization issue vulnerability

PHP is a scripting language that executes on the server side. Dataprobe iBoot-PDU is a web-accessible managed PDU independently controlled socket from Dataprobe USA. The Dataprobe iBoot-PDU FW has an authorization issue vulnerability that stems from the fact that certain PHP pages only authenticat...

CVSS 5.3 · AI score 5.8 · EPSS 0.00135
Exploits 0 · References 4

BDU FSTEC
added 2022/09/19 12:0 a.m. · 1 view

The vulnerability of the QEMU hardware emulation software, related to executing a loop with an unreachable exit condition, allows a hacker to trigger a service failure.

The vulnerability of the QEMU hardware emulation engine is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows a perpetrator to trigger a service failure...

CVSS 6.5 · AI score 6.6 · EPSS 0.00089
Exploits 0 · References 11 · Affected Software 5

Positive Technologies
added 2022/09/17 12:0 a.m. · 3 views

PT-2022-33996 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.140. Description: The issue is related to an error exit in the privcmd_ioctl_dm_op() function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

AI score 7.1
Exploits 0 · References 1

OSV
added 2022/09/16 11:56 p.m. · 10 views

GSD-2022-1005433 xen/privcmd: fix error exit of privcmd_ioctl_dm_op()

xen/privcmd: fix error exit of privcmd_ioctl_dm_op(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.64 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/09/16 11:25 p.m. · 11 views

GSD-2022-1005024 xen/privcmd: fix error exit of privcmd_ioctl_dm_op()

xen/privcmd: fix error exit of privcmd_ioctl_dm_op(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.6 by commit...

AI score 7.2
Exploits 0

BDU FSTEC
added 2022/09/14 12:0 a.m. · 1 view

The vulnerability of the unzzip_cat_file function in the ZZIPlib compression library allows a hacker to trigger a service failure.

The vulnerability of the unzzip_cat_file function in the ZZIPlib archive library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to cause a service failure...

CVSS 3.3 · AI score 6.3 · EPSS 0.00058
Exploits 1 · References 10 · Affected Software 5

BDU FSTEC
added 2022/09/14 12:0 a.m. · 2 views

The vulnerability of the client_work function in the Avahi service discovery system allows a perpetrator to induce a service failure.

The vulnerability of the client_work function in the Avahi service discovery system in local networks is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 7 · EPSS 0.0003
Exploits 0 · References 13 · Affected Software 8

OSSF Malicious Packages
added 2022/09/12 3:8 a.m. · 5 views

Malicious code in dep-loop-exit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0ad48a7ef0c36b270f48536d4c55cc157e68784983d0ac098c548b45e1935ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1

Positive Technologies
added 2022/09/04 12:0 a.m. · 1 view

PT-2022-37243 · Git +1 · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

AI score 7
Exploits 0 · References 2

NVD
added 2022/08/19 9:15 p.m. · 11 views

CVE-2022-36008

Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...

CVSS 7.1 · EPSS 0.00461
Exploits 0 · References 3

Prion
added 2022/08/19 9:15 p.m. · 20 views

Code injection

Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...

CVSS 4 · AI score 6.5 · EPSS 0.00461
Exploits 0 · References 3

Vulnrichment
added 2022/08/19 8:25 p.m. · 11 views

CVE-2022-36008 Message length overflow in frontier

Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...

CVSS 7.1 · AI score 7 · EPSS 0.00461
Exploits 0 · References 3

OSV
added 2022/08/19 8:25 p.m. · 26 views

CVE-2022-36008 Message length overflow in frontier

Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...

CVSS 7.1 · AI score 6.5 · EPSS 0.00461
Exploits 0 · References 5

CNNVD
added 2022/08/19 12:0 a.m. · 3 views

Frontier input validation error vulnerability

Frontier is an Ethereum compatibility layer for Substrate. It is used to run unmodified Ethereum DApps. Frontier suffers from an input validation error vulnerability that stems from the fact that it can affect the parsing of RPC results in the event of EVM reversion. In the release version, this causes t...

CVSS 7.1 · AI score 6.4 · EPSS 0.00461
Exploits 0 · References 4

Positive Technologies
added 2022/08/18 12:0 a.m. · 3 views

PT-2022-23107 · Frontier · Frontier

Name of the Vulnerable Software and Affected Versions: Frontier affected versions not specified Description: A security issue was discovered affecting the parsing of the RPC result of the exit reason in case of EVM reversion. This issue causes the exit reason to be incorrectly parsed and returned...

CVSS 7.1 · AI score 6.3 · EPSS 0.00461
Exploits 0 · References 10