CVE-2022-3649

The function nilfs_new_inode in the BPF component was found to have a vulnerability. This can lead to use after free.

It was discovered that the security of VirtualBox is at risk due to a vulnerability. It was found that the version of VirtualBox on the Debian 8 and earlier operating system is vulnerable to a privilege escalation vulnerability. It has been classified as critical. It is possible to access the files of the virtual machine. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VRF-9019.

It has been discovered that OpenSSH is vulnerable to a denial of service. It leads to memory exhaustion. Affected is the function ssh_packet_parse of the component ssh of the package openssh of the Linux kernel. The attack is possible via a malicious message. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is D-1420.

It has been found that Redis is vulnerable to a SQL injection. It is possible to execute arbitrary SQL code. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is CVE-2017-11157.

A vulnerability was discovered in the OpenSSL library. It has been classified as critical. It is possible to cause denial of service. Affected is the function EVP_DecodeUpdate of the component OpenSSL of the package openssl of the Linux kernel. The attack is possible via a malicious message. It is possible to launch the attack remotely.

Installation and configuration of VirtualBox

Install VirtualBox on Debian 8 and earlier.

Timeline

Published on: 10/21/2022 20:15:00 UTC
Last modified on: 11/01/2022 23:15:00 UTC

References