MiracleLinux 7 : kernel-3.10.0-1160.95.1.el7 (AXSA:2023-6249:21)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6249:21 advisory. kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) Tenable has extracted the preceding description block directly...
MiracleLinux 7 : kernel-3.10.0-957.12.1.el7 (AXSA:2019-3871:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3871:03 advisory. Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the...
Advisory ROSA-SA-2024-2383
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.105.1.el7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmet_tcp_free_crypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/TCP...
Advisory ROSA-SA-2023-2241
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-3397 BDU-ID: 2023-03779 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the JFS file system of the Linux operating system kernel is related to the reuse of previously freed memory due to...
Advisory ROSA-SA-2023-2113
Software: kernel 3.10.0-1160.83.1.el7 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2023-0179 BDU-ID: 2023-00383 CVE-Crit: HIGH CVE-DESC: A vulnerability in the netfilter component of the Linux operating system kernel is related to a stack buffer overflow in nftables...
Advisory ROSA-SA-2023-2097
Software: kernel 3.10.0-1160.83.1.el7 OS: rosa-server79 packageevrstring: 3.10.0-1160.83.1.el7 CVE-ID: CVE-2022-2964 BDU-ID: 2022-05848 CVE-Crit: HIGH CVE-DESC: A vulnerability in the Linux operating system kernel driver for ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet devices is related t...
Advisory ROSA-SA-2022-2056
Software: kernel 3.10.0 OS: rosa-server79 packageevrstring: kernel-3.10.0-1160.83.1.el7 CVE-ID: CVE-2022-2078 BDU-ID: 2022-04090 CVE-Crit: Not Relevant CVE-DESC: A vulnerability in the nft_set_desc_concat_parse function of the Linux operating system kernel is related to buffer copying without checki...
Kernel update: Virtuozzo ReadyKernel patch 121.5 for Virtuozzo Hybrid Server 7.5
The cumulative Virtuozzo ReadyKernel patch was updated with a stability fix. The patch applies to the kernel 3.10.0-1127.18.2.vz7.163.46 (Virtuozzo Hybrid Server 7.5). Vulnerability id: VSTOR-39656 fusekiopcs: Potential kernel crash in fusemapresolve...
Product update: Virtuozzo 7.0 Update 13 (7.0.13-298)
The Update 13 for Virtuozzo 7.0 introduces new features and provides stability and usability bug fixes. It also introduces a new kernel 3.10.0-1062.12.1.vz7.131.10. Vulnerability id: PSBM-95072 'pstorage-target' files are left over after successful migrations of VMs on Virtuozzo Storage from...
Kernel security update: Virtuozzo ReadyKernel patch 98.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0, 3.5
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-862.9.1.vz7.63.3 Virtuozzo 7.0.8, 3.10.0-862.11.6.vz7.64.7 Virtuozzo 7.0.8 HF1, 3.10.0-862.20.2.vz7.73.24 Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5,...
Kernel security update: Virtuozzo ReadyKernel patch 88.0 for Virtuozzo 7.0.7
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernel 3.10.0-693.17.1.vz7.43.10 (Virtuozzo 7.0.7). NOTE: No more patches are planned for this kernel, support for which ends with this update. Vulnerability id: CVE-2019-11810...
Kernel update: Virtuozzo ReadyKernel patch 66.0 for Virtuozzo 7.0.4 to 7.0.8 HF1
The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to all supported Virtuozzo kernels. NOTE: No more patches are planned for kernel 3.10.0-514.16.1.vz7.30.10, support for which ends with this update. Vulnerability id: PSBM-89050 cleancache: missing...
Important kernel security update: CVE-2017-18344; Virtuozzo ReadyKernel patch 56.0 for Virtuozzo 7.0.8
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to kernel 3.10.0-862.9.1.vz7.63.3 (7.0.8). Vulnerability id: CVE-2017-18344 The implementation of the timer_create system call in the Linux kernel before 4.14.8 doesn't properly validate the sigevent::sigev_noti...
Product update: Virtuozzo 6.0 Update 12 Hotfix 27 (6.0.12-3708)
This hotfix provides stability and usability fixes. Vulnerability id: PSBM-80032 prlvzvncserverapp did not honor the --listen parameter that forced VNC server to listen on a specific IP address. Vulnerability id: PSBM-84831 Unable to install Virtuozzo 6 guest tools in a VM running CentOS 7 with...
NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability
Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser sessio...
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) Vulnerability
Exploit for jsp platform in category web applications HTML Decoded PoC: history.pushState'', '', '/' input type="hidden"...
NethServer 7.3.1611 CSRF Create User / Enable SSH Access
HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="...
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)
NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...
Kernel security update: CVE-2017-9077 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.1
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to Virtuozzo kernel 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1). Vulnerability id: CVE-2017-9077 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows loca...
Important kernel security update: Virtuozzo ReadyKernel patch 16.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to Virtuozzo versions 7.0.0, 7.0.1, and 7.0.3. Vulnerability id: CVE-2017-7184 It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received...