NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that listens on the loopback interface by default, but can also listen on the network for requests coming in on port 5555 (remote management). A native client named DCGMI allows users to make requests to the daemon to support a variety of functions. Malformed packets can cause the daemon (running as root or a user account) to crash or potentially result in code execution. Versions prior to 2.3.5 are affected.
2b77e249b980c3871a0f2ac4cb6decec29e1672c0858391ed0910b4b6867f9f3
Red Hat Security Advisory 2022-1166-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.47.
4781d3645cbc8e39080e6ba70a5d46eed3154b00cf45a72aa851d87243f58b8d
Ubuntu Security Notice 5459-1 - Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file system from within a container. An attacker inside a container could possibly use this issue to obtain access to sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
2742ad8c53c8d4078d2663f3a6a291fda0c5b7a8aaddb41246e402f6bb7d11f1
The Player application and the Recording Manager of Real Player versions 20.1.0.312 and 20.0.3.317 are prone to a remote DLL hijack (binary planting) issue because of an unsafe search for non-existent DLLs. To exploit the issue, attackers would have to convince the target to open a media file from a WebDAV or SMB share. Update - It has been noted that as of April 17, 2023, version 22.0.2.306 is also affected by this issue.
cdec3264c1dfb6072227ec32f752253561a495967fe39b8f043c7c2b09f4d8af
Red Hat Security Advisory 2022-4582-01 - The gzip packages contain the gzip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.
84877d2a5f679446f55a9c0af90d0f47f7abb9166f85ecf7068eae932494ffd2
Red Hat Security Advisory 2022-4592-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
1a8fda914f1ba8c637e0e1175acbbe46320983900a93001339e61a2015842d84
IIPImage is distributed with a server that enables advanced, high-performance image manipulation for web-based streaming and viewing of high resolution images. The server component called iipsrv.fcgi processes requests from users and passes them to command handlers. Several crashes, including an integer overflow, were discovered by sending malformed requests to the server. They allow remote users without authentication to perform denial-of-service attacks, and requests could potentially be crafted for remote code execution as the server's running user. Versions at least up to 1.1 may be affected.
469b8801bf0145e552808075cd1f841e7ae3b8e88fcdd656bd6e310c9da61211
Red Hat Security Advisory 2022-4584-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
0ca7be63bc7dfee1664e95728016a8948a6e0cd28f7eb3aec4c0ebc12f0fe6de
Red Hat Security Advisory 2022-1728-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
4d1ce9aa3a05fe4a0664fabdd0bca0f6688ee5555af36cc04157b2e0a15a6923
Telesquare SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.
a7a13abc7ddc96458bd5e13bac1569c00b2cd6494d8505f0f1a842bbdc267f3d
It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.
d764344ffd074691e5125e0c7ecb9972329d587b004cdad9acfe1fafabfb0253
Red Hat Security Advisory 2022-1729-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
193acfb8fd4a848662512e967b82bcb4369a13a63c6386e7f82b7dc4abadb38d
Red Hat Security Advisory 2022-4590-1 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.
7d03737a1820f3fda0e1f92f7f1e70ecd0071e3480d13eadc0e84ce0193c21d3
SolarView Compact version 6.00 suffers from a directory traversal vulnerability.
76fa7594e9d56713a54e10432aeac724bc02a1a6c903e3b19cb19936c489db0c
Red Hat Security Advisory 2022-4588-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Issues addressed include a denial of service vulnerability.
e1971d19e1665c5518102e6ba41c086c25ba5a18576970a4ff15806c40e1cdef
Red Hat Security Advisory 2022-4671-01 - Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
1a7182c8803733e24a2f52a38dc6173bf272d5ad45772e1226fe7c4a018efefe
Contao version 4.13.2 suffers from a cross-site scripting vulnerability.
cbeb52749747855a33060c38e2a10c586234817500d89d2df6b71170e15b85db
Red Hat Security Advisory 2022-1357-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.10.
4e4d7ceb3b56ff0b8fc58649892f8952cbdc01cec56f79428da5f4f3ed1d5329
Red Hat Security Advisory 2022-2137-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
6e12e9b954be71803de8280fc582e6801e9f95bd2e766aa4364eaa868190f341
Red Hat Security Advisory 2022-4589-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.0. Issues addressed include a bypass vulnerability.
f7449c533eb9b6f9a1d5c7aa7709c8c394e15845f28460d977ac0fc4e6946567
Microweber CMS versions 1.2.15 and below suffer from an account takeover vulnerability.
da340f0ec0c7e46dc45436e251b5043c011efd12d2267699a2481f566153855e
Red Hat Security Advisory 2022-0737-01 - This release of Red Hat build of Eclipse Vert.x 4.2.5 GA includes security updates. For more information, see the release notes listed in the References section.
0cca4ab2a246aa9e78ce1fd5ccbf4a51719e1522a959ac6707c944e5814984d8
Red Hat Security Advisory 2022-4591-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
9443b15903cc760b9ad6b48ab093e178cca1f32c647cb545848b0223c0e8f7da
Red Hat Security Advisory 2022-4587-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
81eaaacbd7c62647d2d67700ebf8ae77158590eb7124e0b2709c13bba28eaadb
Zyxel USG FLEX version 5.21 suffers from a command injection vulnerability.
d241a3c90061a120559caf280f0fe2fd049d9b836481bf51a1841e3861dfdf0a