Articles by KENNETH

USN-5629-1: Python vulnerability It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic. Source: USN-5629-1: Python vulnerability

USN-5634-1: Linux kernel (OEM) vulnerability Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). Source: USN-5634-1: Linux kernel (OEM) vulnerability

USN-5633-1: Linux kernel vulnerabilities It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the [ more… ]

USN-5632-1: OAuthLib vulnerability Sebastian Chnelik discovered that OAuthLib incorrectly handled certain redirect uris. A remote attacker could possibly use this issue to cause OAuthLib to crash, resulting in a denial of service. Source: USN-5632-1: OAuthLib vulnerability