#vmware

Ubuntu Security Notice 5924-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

Categories: Exploits and vulnerabilities Categories: News Tags: CVE-2022-21123 Tags: CVE-2022-21125 Tags: CVE-2022-21127 Tags: CVE-2022-21166 Tags: Intel Tags: VMs Tags: microcode Microsoft has released out of band updates for information disclosure vulnerabilities in Intel CPUs, but who needs them? (Read more...) The post Intel CPU vulnerabilities fixed. But should you update? appeared first on Malwarebytes Labs.

Ubuntu Security Notice 5915-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username and Password.

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with access to a users rooted device, may be able to bypass the VMware Workspace ONE Content passcode.

Plus: Microsoft fixes several zero-day bugs, Google patches Chrome and Android, Mozilla rids Firefox of a full-screen vulnerability, and more.

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.