369 matches found
UBUNTU-CVE-2023-0615
A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOCSDVTIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled...
CVE-2022-34479
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected.. This vulnerability affects...
CVE-2022-34479
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected.. This vulnerability affects...
CVE-2022-44689 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
...
KLA20122 Multiple vulnerabilities in Microsoft Open Source Software
Elevation of privilege vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2022-44689 Related products Microsoft-Windows CVE list CVE-2022-44689 critical KB list Solution Install necessary updates fr...
KB5021234: Windows 11 Security Update (December 2022)
The remote Windows host is missing security update 5021234. It is, therefore, affected by multiple vulnerabilities - PowerShell Remote Code Execution Vulnerability CVE-2022-41076 - Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability CVE-2022-44689 - A remote code executio...
KB5021233: Windows 10 Version 20H2 / 21H1 / 21H2 / 22H2 Security Update (December 2022)
The remote Windows host is missing security update 5021233. It is, therefore, affected by multiple vulnerabilities - PowerShell Remote Code Execution Vulnerability CVE-2022-41076 - Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability CVE-2022-44689 - A remote code executio...
CVE-2022-38014
Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability...
KLA20046 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Azure RTOS GUIX Studio can be exploited remotely to execut...
KLA20043 PE vulnerability in Microsoft Open Source Software
Elevation of privilege vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2022-38014 Related products Microsoft-Windows CVE list CVE-2022-38014 high KB list Solution Install necessary updates from t...
Microsoft Windows Subsystem for Linux 竞争条件问题漏洞
Microsoft Windows Subsystem for Linux WSL is a Microsoft Windows Subsystem for Linux, a compatibility layer capable of running native Linux binary executables ELF format. A vulnerability exists in the Microsoft Windows Subsystem for Linux for competitive conditions issue. The following products a...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to arbitrary code execution [CVE-2022-25255]
Summary Qt for Linux is not used directly by IBM App Connect Enterprise Certified Container but it is included as an operating system package in the images. IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to arbitrary code execution. This bulletin provides...
PT-2025-53125
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the Linux kernel related to the V4L2 fwnode data structure. Specifically, the V4L2 fwnode data is not freed during unbind operations, resulting in a memory leak...
USN-5682-1 linux-aws-5.4 vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...
OESA-2022-1966 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.CVE-2022-40307 A flaw use after free in the Linux kernel video4linux driver wa...
MPlayer 资源管理错误漏洞
MPlayer is an open source multimedia player from the MPlayer team. A resource management error vulnerability exists in MPlayer v1.5, which stems from post-release reuse in the preinit function of libvo/vov4l2.c. An attacker could use this vulnerability to cause a Denial of Service DoS via a...
KLA12583 SUI vulnerability in Microsoft System Center
A tampering vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2022-33637 Related products Microsoft-Defender-for-Endpoint-for-Windows CVE list CVE-2022-33637 high KB list Solution Install necessary...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1825)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1,...
A week in security (May 30 – June 5)
Last week on Malwarebytes Labs: Intuit phish says "We have put a temporary hold on your account" The Quad commits to strengthening cybersecurity in software, supply chains Double-whammy attack follows fake Covid alert with a bogus bank call Microsoft Office zero-day "Follina"—its not a bug, its a...
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 2)
This post is the second of a multi-part blog series that explores and highlights the different risks that Windows Subsystem for Linux WSL poses to an enterprise IT environment. Here we examine different TTPs that abuse WSL and assess different methods to defend against such threats. ← Go to Part ...