[SECURITY] Fedora 35 Update: golang-github-containernetworking-cni-1.1.1-4.fc35

Container Network Interface - networking for Linux containers...

CVE-2022-32290

CVE-2022-32290 affects Northern.tech Mender client versions 3.2.0–3.2.2. The issue is incorrect access control where the Mender Client exposes an HTTP proxy on a non-localhost TCP port across all network interfaces. This allows any device on the same network to connect to the proxy and forward AP...

Fedora: Security Advisory for golang-github-containernetworking-cni (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-containernetworking-cni-1.1.1-4.fc36

Container Network Interface - networking for Linux containers...

Fedora: Security Advisory for golang-github-containernetworking-cni (FEDORA-2022-725ac93b48)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-containernetworking-cni (FEDORA-2022-1da581ac6d)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability of the DNS query handler in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to induce service failures.

The vulnerability of the DNS query handler in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to...

Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability may affect DS8000

Summary SLOTH - Weak MD5 Signature Hash vulnerability may affect DS8000 CVE-2015-7575 Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange...

CVE-2020-15238

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any...

The vulnerability of the implementation of the VPN Secure Sockets Layer (SSL) function in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows a attacker to cause service interruptions.

The vulnerability of the implementation of the VPN Secure Sockets Layer SSL function in microprogramming-based network interface controllers from Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to resource management errors. Exploiting this vulnerability c...

kernel: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()

An integer overflow flaw was found in the Linux kernel's nl80211 wireless configuration interface in the MBSSID element parsing logic. A local user with CAPNETADMIN capability can trigger this issue by specifying 256 or more MBSSID elements through the nl80211 interface, causing the u8 counter...

Is Your Kubernetes Cluster Ready for Version 1.24?

Kubernetes rolled out Version 1.24 on May 3, 2022, as its first release of 2022. This version is packed with some notable improvements, as well as new and deprecated features. In this post, we will cover some of the more significant items on the list. The Dockershim removal The new release has...

SUSE-RU-2022:1384-1 Recommended update for Salt

This update fixes the following issues: salt: - Clear network interfaces cache on grains request bsc1196050 - Handle old qemu-img not supporting -U parameter bsc1195221 - Restrict 'state.orchestratesingle' to pass a pillar value if it exists bsc1194632 - Fix sparse disk errors on Python 2 virt...

SUSE SLES11 Security Update : dnsmasq (SUSE-SU-2022:14941-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14941-1 advisory. - A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a...

The vulnerability of the client library for TFTP in FortiOS operating systems, the network interface for web applications FortiWeb, and the proxy server FortiProxy allows a perpetrator to execute arbitrary code.

The vulnerability of the client library for TFTP in FortiOS operating systems, the network interface for web applications FortiWeb, and the proxy server FortiProxy are related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially...

CVE-2022-26413

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30ABFX.5C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface...

VMware 多款产品代码注入漏洞

Vmware Workspace One Access is a U.S.-based Vmware company that combines user identity with device and network information, among other factors, to make intelligent, conditional access decisions for Workspace One-delivered applications. vmware Workspace ONE Access and Identity Manager has a remot...

The vulnerability of NETGEAR Wi-Fi router microprogramming software, including models D6220, D7000, D7000v2, R6400v2, R6700v3, R7000, R7100LG, and XR300, arises from buffer overflow attacks, allowing attackers to execute arbitrary code.

The vulnerability of NETGEAR Wi-Fi router software models D6220, D7000, D7000v2, R6400v2, R6700v3, R7000, R7100LG, and XR300 lies in buffer overflow attacks on the network interface layer. Exploiting this vulnerability can allow attackers to execute arbitrary code...

QEMU 代码问题漏洞

QEMU is a suite of emulation processor software from the personal developer Fabrice Bellard of France. The software is fast and cross-platform, and a denial-of-service vulnerability exists in QEMU, which stems from the incorrect handling of certain values by the QEMU NIC emulator. An attacker...

CVE-2022-25375

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDISMSGSET command. Attackers can obtain sensitive information from kernel memory...