Articles by KENNETH

USN-6066-1: OpenStack Heat vulnerability It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data. Source: USN-6066-1: OpenStack Heat vulnerability

USN-6065-1: css-what vulnerabilities It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-33587, CVE-2022-21222) Source: USN-6065-1: css-what vulnerabilities

USN-6064-1: SQL parse vulnerability It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service. Source: USN-6064-1: SQL parse vulnerability

USN-6063-1: Ceph vulnerabilities Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-3979) It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-0670) It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-3650) It was discovered that Ceph incorrectly handled URL processing on RGW backends. An attacker could possibly use this issue to cause RGW to crash, leading to a denial of service. [ more… ]