Lucene search

2806 matches found

Tenable Nessus
added 2022/06/07 12:0 a.m. | 67 views

RHEL 8 : kernel (RHSA-2022:4924)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4924 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP...

CVSS 7.8 | AI score 7 | EPSS 0.04534
Exploits 2 | References 4

Tenable Nessus
added 2022/06/06 12:0 a.m. | 44 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1791)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows ...

CVSS 7.8 | AI score 7 | EPSS 0.04534
Exploits 3 | References 8

RedHat Linux
added 2022/05/31 12:23 p.m. | 67 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CVSS 7.8 | AI score 7 | EPSS 0.06902
Exploits 4 | References 4

RedHat Linux
added 2022/05/31 12:21 p.m. | 3 views

kernel: buffer overflow in IPsec ESP transformation code

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

CVSS 7.8 | AI score 6.8 | EPSS 0.04534
Exploits 2 | References 5

RedHat Linux
added 2022/05/31 9:15 a.m. | 65 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

CVSS 7.8 | AI score 7 | EPSS 0.04534
Exploits 2 | References 2

Tenable Nessus
added 2022/05/31 12:0 a.m. | 32 views

RHEL 8 : kpatch-patch (RHSA-2022:4809)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4809 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...

CVSS 7.8 | AI score 7.2 | EPSS 0.04534
Exploits 2 | References 4

Tenable Nessus
added 2022/05/31 12:0 a.m. | 41 views

RHEL 8 : kernel-rt (RHSA-2022:4835)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4835 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVSS 7.8 | AI score 7.1 | EPSS 0.06902
Exploits 4 | References 8

Tenable Nessus
added 2022/05/31 12:0 a.m. | 57 views

RHEL 8 : kernel (RHSA-2022:4829)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4829 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP...

CVSS 7.8 | AI score 7 | EPSS 0.06902
Exploits 4 | References 8

NVD
added 2022/05/26 8:15 p.m. | 17 views

CVE-2021-28508

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to...

CVSS 6.8 | EPSS 0.00483
Exploits 1 | References 1

Prion
added 2022/05/26 8:15 p.m. | 18 views

Design/Logic Flaw

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to...

CVSS 3.6 | AI score 6.1 | EPSS 0.00483
Exploits 1 | References 1 | Affected Software 2

Cvelist
added 2022/05/26 7:48 p.m. | 26 views

CVE-2021-28508 TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to...

CVSS 6.8 | AI score 6.4 | EPSS 0.00483
Exploits 1 | References 1

Cloud Foundry
added 2022/05/26 12:0 a.m. | 63 views

USN-5357-1: Linux kernel vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer...

CVSS 7.8 | AI score 8.2 | EPSS 0.04534
Exploits 2 | Affected Software 3

Arista
added 2022/05/25 12:0 a.m. | 52 views

Security Advisory 0077

Security Advisory 0077 . CSAF PDF Date: May 27th, 2022 Revision | Date | Changes ---|---|--- 1.1 | May 27th 2022 | Update the CVE impact of Octa 1.0 | May 25th 2022 | Initial release CVE-2021-28508 CVSSv3.1 Base Score: 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CWE: CWE-255 Credentials...

CVSS 6.8 | AI score 6.3 | EPSS 0.00483
Exploits 2 | Affected Software 1

OSV
added 2022/05/24 3:15 a.m. | 2 views

CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

CVSS 6.5 | AI score 6.9 | EPSS 0.00657
Exploits 0 | References 1

NVD
added 2022/05/24 3:15 a.m. | 14 views

CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

CVSS 6.5 | EPSS 0.00657
Exploits 0 | References 1

Prion
added 2022/05/24 3:15 a.m. | 18 views

Authentication flaw

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

CVSS 4 | AI score 6.5 | EPSS 0.00657
Exploits 0 | References 1 | Affected Software 32

Cvelist
added 2022/05/24 2:20 a.m. | 22 views

CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

CVSS 6.5 | AI score 6.7 | EPSS 0.00657
Exploits 0 | References 1

CVE
added 2022/05/24 2:20 a.m. | 139 views

CVE-2022-0910

CVE-2022-0910 describes an authentication-bypass flaw in Zyxel firewall products where an authenticated attacker can downgrade from two-factor to one-factor authentication when connecting to the IPsec VPN server. Affected are Zyxel USG/ZyWALL firmware 4.32–4.71, USG FLEX 4.50–5.21, ATP 4.32–5.21,...

CVSS 6.5 | AI score 7.1 | EPSS 0.00657
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2022/05/11 12:0 a.m. | 48 views

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9366)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9366 advisory. - esp: Fix possible buffer overflow in ESP transformation Steffen Klassert Orabug: 33997301 CVE-2022-27666 - netfilter: nftables: initialize registers in...

CVSS 9 | AI score 7.7 | EPSS 0.89063
Exploits 124 | References 2

Tenable Nessus
added 2022/05/11 12:0 a.m. | 51 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9367)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9367 advisory. - esp: Fix possible buffer overflow in ESP transformation Steffen Klassert Orabug: 33997301 CVE-2022-27666 - netfilter: nftables: initialize registers in...

CVSS 9 | AI score 7.6 | EPSS 0.89063
Exploits 124 | References 2