In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
CVE-2017-20147
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.
CVE-2017-20148
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
[R1] Nessus Network Monitor 6.1.0 Fixes Multiple Third-party Vulnerabilities
Arnie Cabral
Tue, 09/20/2022 – 13:14
Out of caution and in line with best practice, Tenable opted to upgrade the bundled components to address the potential impact of these issues. Nessus Network Monitor 6.1.0 updates OpenSSL to version 3.0.5 and moment.js to 2.29.4 to address the identified vulnerabilities.
CVE-2021-33076
Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2021-33079
Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
CVE-2021-33081
Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
gajim-1.5.1-1.fc36 python-nbxmpp-3.2.2-1.fc36
FEDORA-2022-b60ea83571
Packages in this update:
gajim-1.5.1-1.fc36
python-nbxmpp-3.2.2-1.fc36
Update description:
Update Gajim to 1.5.1 (and python-nbxmpp to 3.2.2)
gajim-1.5.1-1.fc37 python-nbxmpp-3.2.2-1.fc37
FEDORA-2022-bf1f350185
Packages in this update:
gajim-1.5.1-1.fc37
python-nbxmpp-3.2.2-1.fc37
Update description:
Update Gajim to 1.5.1 (and python-nbxmpp to 3.2.2)
snakeyaml-1.32-1.el9
FEDORA-EPEL-2022-c48c7429c0
Packages in this update:
snakeyaml-1.32-1.el9
Update description:
Security fix for CVE-2022-25857