Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
a22a94578a7a21e61983f216e5af0590879d461fc663d27ad2e4fffa1e164182If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn't be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with a valid fd table entry pointing to a freed file object. The authors use this bug to overwrite a SUID binary with their payload and gain root. Linux kernel versions 4.14-rc1 - 5.17-rc1 are vulnerable. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
6360a81de99a383330c5955ece5414f2f3b254143f1a5b9246e669769aa929fcThis Metasploit module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions 3.0.0 through 3.0.6 and 3.1.0. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL expressions to execute code and take control of the victim machine.
21645b3916729fad4fc93eb22039c634ac8ba5e477c97ca0844e7968d2668c3dGentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.
59d81a817adab7fe4680ee2abb7b288ea4a1a235cd1834563017018541347c43Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.
e7597aa0df8c711de96d624bc650d2003b1b78f793dce2a87a44bfd7d0c68250Ubuntu Security Notice 5568-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
165d32716383b2213041fca19e93814768b839ec69d89fa522b80cc027eea341Debian Linux Security Advisory 5180-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
04461ff1bdbd3130ce0b479f9dae9abbd1a2848c21dc5e8a4ee7d3e438897605Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.
171883a24de75be3ee6d67d414e1216dcde7370fd047029fae8b09f83f7e799bApple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
30c718236aa0303e2a848ca5f0ff62300fca488eb543994c74cf586178d456d5Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
e78e010a4bea2ea77407fa1f36dd85e44d56dc1216952e6d8cdb14def80805a3Red Hat Security Advisory 2022-1373-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
f57c5b22cef3163af1c33c2e82dbe6b00782a303fe5a5f924bc6584e6a35967bRed Hat Security Advisory 2022-1324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
f3f9284cf1bc21bb7a95874ee074c18fe28b6177e869e7d37775b4f41b0f333eRed Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, code execution, integer overflow, privilege escalation, and use-after-free vulnerabilities.
8099208ae1c6aef8c286b95bb11ce25104d7ea396a4083c6ef51ad9bcd09650aUbuntu Security Notice 5362-1 - Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
15aee9355fdfa4005c244c11432f609c7d439bd4c9e2bb1fc22da50bd8c0cbbdRed Hat Security Advisory 2022-1107-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
548b5969a215b63408fc1ce2bb76de0939dc126576a8bb0a74acf9244630ce2bRed Hat Security Advisory 2022-1103-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
cd3da72f66a9d3620802f57598d3a1225d845ad596f9cc707e08f89d7fbccd8cDebian Linux Security Advisory 5092-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
f552af15f42a43d3bd0ed3cf4abd129ea2e3af33a492249e58c49290a8e65d87Red Hat Security Advisory 2022-0958-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
9beb6e392ff5610d64056a391fbce786ec02c468a9da9985a7ea90ed21f4bcb8Red Hat Security Advisory 2022-0925-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
f949b1965a1e3b036d9406147fcdb7963214330cbd5427b2f99a92c543ca0fa7Red Hat Security Advisory 2022-0841-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.
d8e691511ec95c6712d5b2ac8c7111abb2e3b0ca1e1e4ad849509a36d93009f7Red Hat Security Advisory 2022-0849-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.
7d884788b05abd4a2b6a60bc812ed1a5f8309c33180d125e5ddcd7c5c0bcb9eaRed Hat Security Advisory 2022-0851-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
20936ed56440d9255c743c01f214a0ea6ebb400369bd6f3ef8c893527cab6940Red Hat Security Advisory 2022-0821-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
8f41f8ad52dc356b0e7b8b759a7812d1ffd1da736c34eb2fee4b1469bb8bbcf0Red Hat Security Advisory 2022-0823-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
2dc0babe89e52b532d1bec806d8732281457a31f2c3a3371bcedc2acf82182e1Red Hat Security Advisory 2022-0820-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
a6b8233b9ffbe93e159b3cd0ab93db97120972df8603080b6689b78bba054393
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed