Category Archives: Advisories

CVE-2021-25044

Read Time:12 Second

The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue

Read More

USN-5667-1: Linux kernel vulnerabilities

Read Time:1 Minute, 8 Second

Selim Enes Karaduman discovered that a race condition existed in the
General notification queue implementation of the Linux kernel, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1882)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan
and Ariel Sabba discovered that some Intel processors with Enhanced
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET
instructions after a VM exits. A local attacker could potentially use this
to expose sensitive information. (CVE-2022-26373)

Eric Biggers discovered that a use-after-free vulnerability existed in the
io_uring subsystem in the Linux kernel. A local attacker could possibly use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-3176)

It was discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36879)

Jann Horn discovered that the KVM subsystem in the Linux kernel did not
properly handle TLB flush operations in some situations. A local attacker
in a guest VM could use this to cause a denial of service (guest crash) or
possibly execute arbitrary code in the guest kernel. (CVE-2022-39189)

Read More

USN-5665-1: PCRE vulnerabilities

Read Time:20 Second

It was discovered that PCRE incorrectly handled certain regular expressions.
A remote attacker could use this issue to cause applications using PCRE to
crash, resulting in a denial of service. (CVE-2017-6004)

It was discovered that PCRE incorrectly handled certain Unicode encoding. A
remote attacker could use this issue to cause applications using PCRE to
crash, resulting in a denial of service. (CVE-2017-7186)

Read More

CVE-2021-44171

Read Time:20 Second

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

Read More

dhcp-4.4.3-4.P1.fc38

Read Time:20 Second

FEDORA-2022-5c58ef733f

Packages in this update:

dhcp-4.4.3-4.P1.fc38

Update description:

Automatic update for dhcp-4.4.3-4.P1.fc38.

Changelog

* Wed Oct 5 2022 Martin Osvald <mosvald@redhat.com> – 12:4.4.3-4.P1
– New version 4.4.3-P1 (rhbz#2132240)
– Fix for CVE-2022-2928 (rhbz#2132429)
– Fix for CVE-2022-2929 (rhbz#2132430)

Read More

[SYSS-2022-046]: Verbatim Store ‘n’ Go Secure Portable SSD – Expected Behavior Violation (CWE-440) (CVE-2022-28386)

Read Time:18 Second

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-046
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-06-29
Solution Date:…

Read More

[SYSS-2022-045]: Verbatim Store ‘n’ Go Secure Portable SSD – Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Read Time:18 Second

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-045
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification:…

Read More

[SYSS-2022-044]: Verbatim Store ‘n’ Go Secure Portable SSD – Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Read Time:17 Second

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-044
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status:…

Read More