893 matches found
UBUNTU-CVE-2022-49066
In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part. After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ETH_HLEN bytes of linear data as...
CVE-2022-49575 tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...
CVE-2022-49066 veth: Ensure eth header is in skb's linear part
In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part. After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ETH_HLEN bytes of linear data as...
CVE-2022-49066
The CVE-2022-49066 issue affects the Linux kernel’s veth path. When a decapsulated packet is fed to a veth device with act_mirred, skb_headlen() may be 0, yet veth_xmit() forwards the skb to __dev_forward_skb() which unconditionally requires ETH_HLEN bytes of linear data. The root cause is the mi...
Important: Red Hat Security Advisory: OpenShift Virtualization 4.18.0 Images
Red Hat OpenShift Virtualization release 4.18.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which...
Important: Red Hat Security Advisory: RHODF-4.16-RHEL-9 security update
Updated images are now available for RHODF-4.16-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...
Malicious code in clubhouse-to-linear-exporter (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware 763c04a1400336e5c62621aba4027b81dfb2b2ba0b01ec823e0f4f62703e0eed. Any computer that has this package install...
MAL-2025-1523 Malicious code in clubhouse-to-linear-exporter (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware 763c04a1400336e5c62621aba4027b81dfb2b2ba0b01ec823e0f4f62703e0eed. Any computer that has this package install...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.48 security and extras update
Red Hat OpenShift Container Platform release 4.14.48 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.16 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.16 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.14
Red Hat OpenShift Service Mesh Containers for 2.4.14. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
CVE-2024-9441
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP...
Important: Red Hat Security Advisory: RHSA: Submariner 0.19.2 - bug fix and enhancement update
Submariner 0.19 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVS...
Critical: Red Hat Security Advisory: ACS 4.6.2 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which give...
FreeBSD : oauth2-proxy -- Non-linear parsing of case-insensitive content (258a58a9-6583-4808-986b-e785c27b0a18)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 258a58a9-6583-4808-986b-e785c27b0a18 advisory. Golang reports: This update includes security fixes: Tenable has extracted the preceding description blo...
WordPress Linear plugin <= 2.8.1 - Cross-Site Request Forgery to Cache Reset vulnerability
Cross-Site Request Forgery to Cache Reset vulnerability discovered by Dhabaleshwar Das in WordPress Plugin Linear versions <= 2.8.1...
CVE-2024-13709
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged reques...
CVE-2024-13709 Linear <= 2.8.1 - Cross-Site Request Forgery to Cache Reset
The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged reques...
CVE-2024-13709
CVE-2024-13709 : The Linear WordPress plugin (versions up to 2.8.1) is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the ‘linear-debug’ feature. This can allow unauthenticated attackers to reset the plugin cache by tricking a site administrator into performing a forg...