In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
[R1] Nessus Network Monitor 6.1.0 Fixes Multiple Third-party Vulnerabilities
Arnie Cabral
Tue, 09/20/2022 – 13:14
Out of caution and in line with best practice, Tenable opted to upgrade the bundled components to address the potential impact of these issues. Nessus Network Monitor 6.1.0 updates OpenSSL to version 3.0.5 and moment.js to 2.29.4 to address the identified vulnerabilities.
Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
gajim-1.5.1-1.fc36
python-nbxmpp-3.2.2-1.fc36
Update Gajim to 1.5.1 (and python-nbxmpp to 3.2.2)
gajim-1.5.1-1.fc37
python-nbxmpp-3.2.2-1.fc37
Update Gajim to 1.5.1 (and python-nbxmpp to 3.2.2)
snakeyaml-1.32-1.el9
Security fix for CVE-2022-25857
snakeyaml-1.32-1.el8
Security fix for CVE-2022-25857
