USN-5520-1: HTTP-Daemon vulnerability

2022-07-14 KENNETH 0

It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Source: USN-5520-1: HTTP-Daemon vulnerability

USN-5519-1: Python vulnerability

2022-07-14 KENNETH 0

It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Source: USN-5519-1: Python vulnerability

USN-5512-1: Thunderbird vulnerabilities

2022-07-14 KENNETH 0

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass CSP restrictions, or execute arbitrary code. (CVE-2022-2200, CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740, CVE-2022-31741, CVE-2022-31742, CVE-2022-31744, CVE-2022-31747, CVE-2022-34468, CVE-2022-34470, CVE-2022-34479, CVE-2022-34481, CVE-2022-34484)

It was discovered that an unavailable PAC file caused OCSP requests to be blocked, resulting in incorrect error pages being displayed. (CVE-2022-34472)

It was discovered that the Braille space character could be used to cause Thunderbird to display the wrong sender address for signed messages. An attacker could potentially exploit this to trick the user into believing a message had been sent from somebody they trusted. (CVE-2022-1834)

It was discovered that Thunderbird would consider an email [ more… ]

USN-5518-1: Linux kernel vulnerabilities

2022-07-14 KENNETH 0

It was discovered that the eBPF implementation in the Linux kernel did not properly prevent writes to kernel objects in BPF_BTF_LOAD commands. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-0500)

It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system) or execute arbitrary code. (CVE-2022-1734)

Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service in the host OS (system crash). [ more… ]

USN-5517-1: Linux kernel (OEM) vulnerabilities

2022-07-14 KENNETH 0

It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679)

It was discovered that the virtio RPMSG bus driver in the Linux kernel contained a double-free vulnerability in certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-34494)

Source: USN-5517-1: Linux kernel (OEM) vulnerabilities