Ubuntu Security Notice 5605-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
90229ee7d360ca1032c3774eb7541dd265334f14d1b68b0af1fdde07e84033cbSagemath version 9.0 suffers from overflow and denial of service vulnerabilities.
cd33738d86983c0d334c06354102833ee1f1e36d4ad569b092958d9f143920daRed Hat Security Advisory 2022-6407-01 - A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Issues addressed include denial of service, information leakage, integer overflow, and resource exhaustion vulnerabilities.
cc86bb2ed063a9b8609ef6960b486d0a7bff3be7ef9e7f5716ccc3523480f3edXML signature verification in .NET 6 as implemented in System.Security.Cryptography.Xml.SignedXml is vulnerable to external entity injection attacks.
fb9e0a77092860baf50e4dd27de48b363926968c3606d0db1631fac8f83f0ff4On Windows, the Kerberos ticket renewal process can be used with CG to get an unencrypted TGT session key for a currently authenticated user leading to information disclosure.
1f9bd51e7f807ea1be820b38b4053f9b704e41211fd5779bce57f43bf497716aUbuntu Security Notice 5604-1 - It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
985101ae6c88f4e12ea624e503543f0ddecca97062b1bda50ff4700636ff6271On Windows, the handling of cryptographic data comparison in the CG secure process does not use constant time algorithms resulting in information disclosure.
1eae27125e32160c8f3573cd0f12536dc12d59971e45282431a815f2a69f4009InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability.
c9873dff912c339fc99f6c1c0d26c32ecee59d977893de8864d051af5bba5038Red Hat Security Advisory 2022-6263-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include denial of service and out of bounds read vulnerabilities.
f81d6d7743dfee9d3117b3d90921d3f45e47a85facb6f384cd437bf521688c88On Windows, the KerbIumGetNtlmSupplementalCredential CG API does not check the encryption key type leading to information disclosure of key material.
bfc4de1d074e4d56008f260f7b9c997af5b2161990204d92efb3480c889c7baaOn Windows, CG API KerbIumCreateApReqAuthenticator can be used to decrypt arbitrary encrypted Kerberos keys leading to information disclosure.
795dc1d7b2670d24abb7d74a9852a53667f29e9616266571270c30ddde0cf221Ubuntu Security Notice 5603-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1d1f666adf73d2989de4744ce636092a060c9c71252883fc6fdf9fdffbedc3fdOnline Notice Board 2022 suffers from a remote SQL injection vulnerability.
933c3875a54089fc520191cb1f6a96c4760027618d879e98189221f649b8cc2aRed Hat Security Advisory 2022-6262-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include a bypass vulnerability.
72548ddc1adb7743918cfe4de6f5c9572a4cdabfee46870057e2ef7ea8b5251embDrive Lite WiFi Flash Disk version 1.4.0 suffers from a cross site scripting vulnerability.
51023eaa6d3fa8c871e79d6e732f795bbd9070c25b2bde0918b7f7b75307aee1AirDisk version 7.5.5 suffers from a persistent cross site scripting vulnerability.
5c2171b386d4185c2d365152bd1f99a0e03692cfe0babd1487055e726dd594e8Windows Credential guard does not prevent using encrypted Kerberos keys to change a user's password leading to elevation of privilege.
963aa15cc46082f2880e53f09434bff0855b293f238fa1b7b59fcc34a5c7c568Windows CG APIs, which take encrypted keys, do not limit what encryption or checksum types can be used with those keys. This can result in using weak encryption algorithms which could be abused to either generate keystreams or brute force encryption keys.
a89b74c0dc18c8ac3c1161dc1b3af00aa0758ae52080749f23434cc90472d8b2Ubuntu Security Notice 5602-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
ce844e4f8d52119424aa42281985343f750bff17c8cdf3876b66566fda087ec6@Drive version 2.8 suffers from a local file inclusion vulnerability.
1c242342304c59d9a82db2eb45e80f971e783004a6b81e805655fb5adc09c690On Windows, the method for allocating a context when using the CG BCrypt APIs is insecure leading to use-after-free of secure memory resulting in elevation of privilege.
c22c4583f57e6b94c3c87d7e06f1807aec4eb6add28377b878080567d6bba7a8On Windows, a number of Kerberos CG APIs do not verify the ASN1 PDU type when decoding and encoding Kerberos ASN1 structures leading to type confusion and elevation of privilege.
af00e87e42028f79ab35606912cd654841bc7965655e5d68e202a8ef913306f4The Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.
293c30cffcbb94043ce3d944e538e450e3725f0cfaac4a97ac6e1fd8f5cb1152The Windows kernel suffers from an invalid read/write condition due to an unchecked Blink cell index in the root security descriptor.
f5ef4884111855adc3fd46bc812f23d93a2b2cd3ea5d058dca7ff112e15a1d10The Windows kernel suffers from a use-after-free vulnerability due to a refcount overflow in the registry hive security descriptors.
887d2c7083667658525f99cb11e9070e5fce0488ac2056ebd3b6c51b176ad7c3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed