USN-5442-2: Linux kernel vulnerabilities

Read Time:36 Second

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)

Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained in integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1116)

Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)

Read More

CVE-2021-27778

Read Time:17 Second

HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

Read More