Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)
Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)
Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)
Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)
It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
More Stories
golang-github-cncf-xds-0-0.10.20230912gite9ce688.fc39 golang-github-envoyproxy-control-plane-0.11.1-1.fc39 golang-github-nats-io-1.30.1-1.fc39 golang-github-nats-io-jwt-2-2.5.2-1.fc39 golang-github-nats-io-nkeys-0.4.5-2.fc39 golang-github-protobuf-1.5.3-3.fc39 golang-google-protobuf-1.31.0-4.fc39 nats-server-2.10.1-3.fc39
FEDORA-2023-6b89bc0305 Packages in this update: golang-github-cncf-xds-0-0.10.20230912gite9ce688.fc39 golang-github-envoyproxy-control-plane-0.11.1-1.fc39 golang-github-nats-io-1.30.1-1.fc39 golang-github-nats-io-jwt-2-2.5.2-1.fc39 golang-github-nats-io-nkeys-0.4.5-2.fc39 golang-github-protobuf-1.5.3-3.fc39 golang-google-protobuf-1.31.0-4.fc39 nats-server-2.10.1-3.fc39 Update description: Contains updates to address CVE-2022-{28357,41717}...
bind-9.18.19-1.fc39 bind-dyndb-ldap-11.10-21.fc39
FEDORA-2023-b4acb0f7c6 Packages in this update: bind-9.18.19-1.fc39 bind-dyndb-ldap-11.10-21.fc39 Update description: BIND 9.18.19 Security Fixes Previously, sending a specially crafted message over...
golang-github-nats-io-1.30.1-1.fc40 golang-github-protobuf-1.5.3-3.fc40 nats-server-2.10.1-3.fc40
FEDORA-2023-5f904f4dd4 Packages in this update: golang-github-nats-io-1.30.1-1.fc40 golang-github-protobuf-1.5.3-3.fc40 nats-server-2.10.1-3.fc40 Update description: Contains updates to address CVE-2022-{28357,41717} Read More
[tool] WatchGuard Firebox Web Update Unpacker
Posted by retset on Sep 25 A small utility for extracting file system images from "sysa-dl" update files. https://github.com/ret5et/Watchguard_WebUI_Unpacker Read...
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and...
CVE-2022-4245
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that...