USN-6342-1: Linux kernel vulnerabilities
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...
Ubuntu: Security Advisory (USN-6340-1)
The remote host is missing an update for the...
USN-6340-1 linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Zi Fan Tan discovered that the binder IPC...
Security Bulletin: Vulnerabilities found in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center (CVE-2019-10172, CVE-2019-10202)
Summary: Multiple vulnerabilities have been identified in jackson-mapper-asl which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Vulnerabilities found in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center (CVE-2019-10202, CVE-2019-10172)
Summary: Multiple vulnerabilities have been identified in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerabilit...
USN-6327-1 linux-kvm vulnerabilities
Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed ...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6311-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6311-1 advisory. William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in...
USN-6311-1: Linux kernel vulnerabilities
William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that the NTFS file system...
USN-6309-1 linux, linux-aws, linux-lts-xenial vulnerabilities
Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that a use-after-free vulnerability existed ...
USN-6283-1: Linux kernel vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Zheng Zhang discovered that the...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the netresearch/jsonmapper dependency, which improperly maps JSON arrays and objects onto scalar model properties, allowing an attacker to send malformed JWT JSON in the LoginPacket causing...
EulerOS Virtualization 3.0.6.6 : device-mapper-multipath (EulerOS-SA-2023-2420)
According to the versions of the device-mapper-multipath packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or...
Huawei EulerOS: Security Advisory for device-mapper-multipath (EulerOS-SA-2023-2420)
The remote host is missing an update for the Huawei EulerOS...
Denial Of Service (DoS)
johnzon-mapper is vulnerable to Denial Of Service (DoS). The vulnerability exists because it does not validate JSON user input for large numbers, which allows an attacker to inject a large number which will then be parsed by BigDecimal, resulting in Denial of Service...
Security Bulletin: IBM Match 360 is vulnerable to CVE-2019-10202 and CVE-2019-10172 for jackson-mapper-asl
Summary: Match 360 is vulnerable to the following CVEs: CVE-2019-10202 and CVE-2019-10172. Vulnerability Details: CVEID: CVE-2019-10202 DESCRIPTION: Red Hat JBoss Enterprise Application Platform (EAP) could allow a remote attacker to execute arbitrary code on the system, caused by improper...
Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines
Summary: IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...
cloud.piranha:debug (>=22.3.0 <=22.10.0), com.github.rmannibucau.sirona:sirona-collector (>=0.6 <=0.8) +165 more potentially affected by CVE-2023-33008 via org.apache.johnzon:johnzon-mapper (>=0.1-incubating <=1.2.20)
org.apache.johnzon:johnzon-mapper MAVEN version =0.1-incubating, =22.3.0, =0.6, =0.6, =0.6, =0.6, =0.6, =0.0.1, =1.7.2.230613, =1.7.2.230622, =2.0.0.230801-beta - dev.onvoid.webrtc.demo:webrtc-java-demo-api =0.1.0 - dev.onvoid.webrtc.demo:webrtc-java-demo-javafx =0.1.0 -...
Important: kernel
Issue Overview: A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189) In the Linux...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.117 and fixes at least the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs (CVE-2022-48425). An out-of-bounds memory access flaw was found in...