The Cryptocurrency Pricing list and Ticker WordPress plugin through 1.5 does not sanitise and escape the ccpw_setpage parameter before outputting it back in pages where its shortcode is embed, leading to a Reflected Cross-Site Scripting issue
Category Archives: Advisories
USN-5667-1: Linux kernel vulnerabilities
Selim Enes Karaduman discovered that a race condition existed in the
General notification queue implementation of the Linux kernel, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1882)
Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan
and Ariel Sabba discovered that some Intel processors with Enhanced
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET
instructions after a VM exits. A local attacker could potentially use this
to expose sensitive information. (CVE-2022-26373)
Eric Biggers discovered that a use-after-free vulnerability existed in the
io_uring subsystem in the Linux kernel. A local attacker could possibly use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-3176)
It was discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2022-36879)
Jann Horn discovered that the KVM subsystem in the Linux kernel did not
properly handle TLB flush operations in some situations. A local attacker
in a guest VM could use this to cause a denial of service (guest crash) or
possibly execute arbitrary code in the guest kernel. (CVE-2022-39189)
USN-5665-1: PCRE vulnerabilities
It was discovered that PCRE incorrectly handled certain regular expressions.
A remote attacker could use this issue to cause applications using PCRE to
crash, resulting in a denial of service. (CVE-2017-6004)
It was discovered that PCRE incorrectly handled certain Unicode encoding. A
remote attacker could use this issue to cause applications using PCRE to
crash, resulting in a denial of service. (CVE-2017-7186)
USN-5666-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled certain helper programs.
An attacker could possibly use this issue to arbitrary code execution.
CVE-2021-44171
A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
dhcp-4.4.3-4.P1.fc37
FEDORA-2022-9ca9a94e28
Packages in this update:
dhcp-4.4.3-4.P1.fc37
Update description:
New version 4.4.3-P1 (rhbz#2132240)
Fix for CVE-2022-2928 (rhbz#2132429)
Fix for CVE-2022-2929 (rhbz#2132430)
dhcp-4.4.3-4.P1.fc38
FEDORA-2022-5c58ef733f
Packages in this update:
dhcp-4.4.3-4.P1.fc38
Update description:
Automatic update for dhcp-4.4.3-4.P1.fc38.
Changelog
* Wed Oct 5 2022 Martin Osvald <mosvald@redhat.com> – 12:4.4.3-4.P1
– New version 4.4.3-P1 (rhbz#2132240)
– Fix for CVE-2022-2928 (rhbz#2132429)
– Fix for CVE-2022-2929 (rhbz#2132430)
[SYSS-2022-046]: Verbatim Store ‘n’ Go Secure Portable SSD – Expected Behavior Violation (CWE-440) (CVE-2022-28386)
Posted by Matthias Deeg on Oct 08
Advisory ID: SYSS-2022-046
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-06-29
Solution Date:…
[SYSS-2022-045]: Verbatim Store ‘n’ Go Secure Portable SSD – Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)
Posted by Matthias Deeg on Oct 08
Advisory ID: SYSS-2022-045
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification:…
[SYSS-2022-044]: Verbatim Store ‘n’ Go Secure Portable SSD – Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)
Posted by Matthias Deeg on Oct 08
Advisory ID: SYSS-2022-044
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status:…