Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
a22a94578a7a21e61983f216e5af0590879d461fc663d27ad2e4fffa1e164182
If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn't be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with a valid fd table entry pointing to a freed file object. The authors use this bug to overwrite a SUID binary with their payload and gain root. Linux kernel versions 4.14-rc1 - 5.17-rc1 are vulnerable. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
6360a81de99a383330c5955ece5414f2f3b254143f1a5b9246e669769aa929fc
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions 3.0.0 through 3.0.6 and 3.1.0. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL expressions to execute code and take control of the victim machine.
21645b3916729fad4fc93eb22039c634ac8ba5e477c97ca0844e7968d2668c3d
Gentoo Linux Security Advisory 202208-39 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.36.7 are affected.
59d81a817adab7fe4680ee2abb7b288ea4a1a235cd1834563017018541347c43
Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.
e7597aa0df8c711de96d624bc650d2003b1b78f793dce2a87a44bfd7d0c68250
Ubuntu Security Notice 5568-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
165d32716383b2213041fca19e93814768b839ec69d89fa522b80cc027eea341
Debian Linux Security Advisory 5180-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
04461ff1bdbd3130ce0b479f9dae9abbd1a2848c21dc5e8a4ee7d3e438897605
Apple Security Advisory Safari - Safari 15.6 addresses code execution and out of bounds write vulnerabilities.
171883a24de75be3ee6d67d414e1216dcde7370fd047029fae8b09f83f7e799b
Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
30c718236aa0303e2a848ca5f0ff62300fca488eb543994c74cf586178d456d5
Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
e78e010a4bea2ea77407fa1f36dd85e44d56dc1216952e6d8cdb14def80805a3
Red Hat Security Advisory 2022-1373-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
f57c5b22cef3163af1c33c2e82dbe6b00782a303fe5a5f924bc6584e6a35967b
Red Hat Security Advisory 2022-1324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
f3f9284cf1bc21bb7a95874ee074c18fe28b6177e869e7d37775b4f41b0f333e
Red Hat Security Advisory 2022-1263-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, code execution, integer overflow, privilege escalation, and use-after-free vulnerabilities.
8099208ae1c6aef8c286b95bb11ce25104d7ea396a4083c6ef51ad9bcd09650a
Ubuntu Security Notice 5362-1 - Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
15aee9355fdfa4005c244c11432f609c7d439bd4c9e2bb1fc22da50bd8c0cbbd
Red Hat Security Advisory 2022-1107-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
548b5969a215b63408fc1ce2bb76de0939dc126576a8bb0a74acf9244630ce2b
Red Hat Security Advisory 2022-1103-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
cd3da72f66a9d3620802f57598d3a1225d845ad596f9cc707e08f89d7fbccd8c
Debian Linux Security Advisory 5092-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
f552af15f42a43d3bd0ed3cf4abd129ea2e3af33a492249e58c49290a8e65d87
Red Hat Security Advisory 2022-0958-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
9beb6e392ff5610d64056a391fbce786ec02c468a9da9985a7ea90ed21f4bcb8
Red Hat Security Advisory 2022-0925-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
f949b1965a1e3b036d9406147fcdb7963214330cbd5427b2f99a92c543ca0fa7
Red Hat Security Advisory 2022-0841-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.
d8e691511ec95c6712d5b2ac8c7111abb2e3b0ca1e1e4ad849509a36d93009f7
Red Hat Security Advisory 2022-0849-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.
7d884788b05abd4a2b6a60bc812ed1a5f8309c33180d125e5ddcd7c5c0bcb9ea
Red Hat Security Advisory 2022-0851-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
20936ed56440d9255c743c01f214a0ea6ebb400369bd6f3ef8c893527cab6940
Red Hat Security Advisory 2022-0821-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
8f41f8ad52dc356b0e7b8b759a7812d1ffd1da736c34eb2fee4b1469bb8bbcf0
Red Hat Security Advisory 2022-0823-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
2dc0babe89e52b532d1bec806d8732281457a31f2c3a3371bcedc2acf82182e1
Red Hat Security Advisory 2022-0820-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
a6b8233b9ffbe93e159b3cd0ab93db97120972df8603080b6689b78bba054393