what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

CVE-2022-2990

Status Candidate

Overview

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Related Files

Red Hat Security Advisory 2022-8973-01
Posted Dec 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8973-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, code execution, memory leak, out of bounds write, and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2022-1158, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-2639, CVE-2022-2959, CVE-2022-29900, CVE-2022-29901, CVE-2022-43945
SHA-256 | 8fedbbf10be56ed3244024efc11739ae41c56ec0cebbc5d2689f162776226891
Red Hat Security Advisory 2022-8974-01
Posted Dec 14, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8974-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, code execution, out of bounds write, and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-1158, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-2639, CVE-2022-2959, CVE-2022-29900, CVE-2022-29901, CVE-2022-43945
SHA-256 | 6d35672261df38aa85cd2ee464c60cd4122ef8f495ae23678e628e5bf760d2c8
Ubuntu Security Notice USN-5728-3
Posted Nov 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5728-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-20422, CVE-2022-2153, CVE-2022-2978, CVE-2022-29901, CVE-2022-3028, CVE-2022-3625, CVE-2022-3635, CVE-2022-39188, CVE-2022-40768, CVE-2022-41222, CVE-2022-42703, CVE-2022-42719
SHA-256 | ebafaab2d5db4b2842460331e69fe77801e170fb619cc3bd4e090cd8f02623de
Ubuntu Security Notice USN-5728-2
Posted Nov 21, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5728-2 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-20422, CVE-2022-2153, CVE-2022-2978, CVE-2022-29901, CVE-2022-3028, CVE-2022-3625, CVE-2022-3635, CVE-2022-39188, CVE-2022-40768, CVE-2022-41222, CVE-2022-42703, CVE-2022-42719
SHA-256 | c3624c07f86cdfd2b3713a4f62018465ad2c42db0469b2ff000d4ff889d73b83
Ubuntu Security Notice USN-5728-1
Posted Nov 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5728-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-20422, CVE-2022-2153, CVE-2022-2978, CVE-2022-29901, CVE-2022-3028, CVE-2022-3625, CVE-2022-3635, CVE-2022-39188, CVE-2022-40768, CVE-2022-41222, CVE-2022-42703, CVE-2022-42719
SHA-256 | d0a1c25c6eb1d9a7ff69a8217addefb3508ac783bad0f3c1762570c079322a29
Red Hat Security Advisory 2022-8431-01
Posted Nov 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8431-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2989, CVE-2022-2990
SHA-256 | bde63b47a05fa71e76f75535ab11d13194617f32effd054fa1677bd6f9f48500
Red Hat Security Advisory 2022-8008-01
Posted Nov 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-20291, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2022-27191, CVE-2022-2989, CVE-2022-2990
SHA-256 | f27bc3e529f8aa8ebd57f3027862054868818878916e80cbd4d078f8cadc588f
Red Hat Security Advisory 2022-7434-01
Posted Nov 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7434-01 - A Red Hat OpenShift security update has been provided for the Logging Subsystem.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-35525, CVE-2020-35527, CVE-2022-0494, CVE-2022-1353, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-23816, CVE-2022-23825, CVE-2022-2509, CVE-2022-2588, CVE-2022-29900
SHA-256 | 8955b3daac257bb1e631eab88f1476668bf890ade5b3c2f9df79ac69caf7f1a7
Red Hat Security Advisory 2022-6882-01
Posted Nov 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6882-01 - Openshift Logging 5.3.13 security and bug fix release.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-35525, CVE-2020-35527, CVE-2022-0494, CVE-2022-1353, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-23816, CVE-2022-23825, CVE-2022-2509, CVE-2022-2588, CVE-2022-29900
SHA-256 | 7e65b18002978caefe3c4db2dc816316d156cfdc8df48304228fbb8fa76dbb4f
Red Hat Security Advisory 2022-7457-01
Posted Nov 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-36221, CVE-2021-41190, CVE-2022-1708, CVE-2022-27191, CVE-2022-29162, CVE-2022-2990
SHA-256 | 72c93ef5fad8294ebe3afa3b48f3853ab0bb3fb7dd60c2174498a5cadd63ae36
Red Hat Security Advisory 2022-7822-01
Posted Nov 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7822-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2989, CVE-2022-2990
SHA-256 | 0f953845060b331fa03695eb343bb0b9cbb60d9d42b8a73f3bd5d9e8578a2f78
Red Hat Security Advisory 2022-7338-01
Posted Nov 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-23816, CVE-2022-23825, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901
SHA-256 | 97a4f05892f5310eee304e4ddc0379cfce9b9f7cd23d75d375041238621f622e
Red Hat Security Advisory 2022-7337-01
Posted Nov 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7337-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-23816, CVE-2022-23825, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901
SHA-256 | cecb4ff726f2e2ac5392c18e54da018333c6e9f6ac8100a7ea617dcc091c62bf
Red Hat Security Advisory 2022-7201-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7201-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.12. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-35525, CVE-2020-35527, CVE-2022-0494, CVE-2022-1353, CVE-2022-23816, CVE-2022-23825, CVE-2022-2509, CVE-2022-2588, CVE-2022-26945, CVE-2022-29900, CVE-2022-29901, CVE-2022-30321, CVE-2022-30322, CVE-2022-30323
SHA-256 | 6d28e160aebd967897f3d87e1e5bfd567b29c6dba8e6d1fe4a5120cd1a1c659b
Red Hat Security Advisory 2022-7276-01
Posted Nov 2, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-35525, CVE-2020-35527, CVE-2022-0494, CVE-2022-1353, CVE-2022-2238, CVE-2022-23816, CVE-2022-23825, CVE-2022-2509, CVE-2022-25858, CVE-2022-2588, CVE-2022-29900, CVE-2022-29901, CVE-2022-31129, CVE-2022-34903
SHA-256 | 7ac9e1c7f562a5f00c685c3f4a883358404bdb691f54031e1c202dfc1880d591
Red Hat Security Advisory 2022-7134-01
Posted Oct 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7134-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, information leakage, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2022-0494, CVE-2022-1353, CVE-2022-23816, CVE-2022-23825, CVE-2022-2588, CVE-2022-29900, CVE-2022-29901
SHA-256 | 6a450fa6510675d96313a97083abb8cf1284fa5ccbb8758fe7a577703508c005
Red Hat Security Advisory 2022-7110-01
Posted Oct 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7110-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, information leakage, memory leak, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2022-0494, CVE-2022-1353, CVE-2022-23816, CVE-2022-23825, CVE-2022-2588, CVE-2022-29900, CVE-2022-29901
SHA-256 | 7e26c2475110ff7340d7988275fa609b265fd44e6f52933eac803e2512ab54ab
Debian Security Advisory 5207-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5207-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901, CVE-2022-36879, CVE-2022-36946
SHA-256 | a834fc5673ea42539aceee3099b521390b2bb10a60b230031ba7bb0a98087e77
Ubuntu Security Notice USN-5566-1
Posted Aug 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-1652, CVE-2022-1679, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-28893, CVE-2022-29900, CVE-2022-29901, CVE-2022-34918
SHA-256 | 86abaa0c5ce8d1a30e303a39ce1a671f08409990567bd2c247492e7141a9725b
Ubuntu Security Notice USN-5565-1
Posted Aug 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-29900, CVE-2022-29901
SHA-256 | 484e185b1094f77c20937b1f6cdb7e94436b94b7ed29b91894907086a9eaadad
Ubuntu Security Notice USN-5564-1
Posted Aug 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5564-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-0500, CVE-2022-1652, CVE-2022-1679, CVE-2022-1734, CVE-2022-1789, CVE-2022-1974, CVE-2022-1975, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-28893, CVE-2022-29900, CVE-2022-29901, CVE-2022-33981
SHA-256 | 1a35f7b41237a476900dc251a309728112baf4d626a8583783752c7b50a75005
Debian Security Advisory 5184-1
Posted Jul 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5184-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation. In addition this updates provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-23816, CVE-2022-23825, CVE-2022-26362, CVE-2022-26363, CVE-2022-26364, CVE-2022-29900
SHA-256 | a6ef7fc52f33a44647f11ad73447e266d15867256950bda60e55581335321822
Red Hat Security Advisory 2022-4590-1
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4590-1 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | 7d03737a1820f3fda0e1f92f7f1e70ecd0071e3480d13eadc0e84ce0193c21d3
Red Hat Security Advisory 2022-4589-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4589-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.0. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-1520, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | f7449c533eb9b6f9a1d5c7aa7709c8c394e15845f28460d977ac0fc4e6946567
Debian Security Advisory 5129-1
Posted May 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5129-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | 6e82db6dff6f96ecfd161cadff7557dfe1491b1ae4e54374528ba5655397ec6e
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close