Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
Red Hat Security Advisory 2022-5214-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-5224-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.
The No cON Name 2022 call for papers has been announced. It will be held in Barcelona, Spain, from November 24th through the 26th, 2022.
Red Hat Security Advisory 2022-5236-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
AnyDesk version 7.0.9 suffers from an arbitrary file write vulnerability via a symlink attack.
Ubuntu Security Notice 5495-1 - Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS.
Red Hat Security Advisory 2022-5267-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.
The So Filter Shop By module for OpenCart version 3.x suffers from a remote blind SQL injection vulnerability.
Red Hat Security Advisory 2022-5235-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include buffer overflow and crlf injection vulnerabilities.
Zoo Management System version suffers from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2022-5201-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.5 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which apply security fixes and fix several bugs. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-5153-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
Ubuntu Security Notice 5494-1 - It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to cause a crash or expose sensitive information. It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to cause a crash.
Red Hat Security Advisory 2022-5189-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.
Ubuntu Security Notice 5493-1 - It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.
WordPress Simple Page Transition plugin version 1.4.1 suffers from a persistent cross site scripting vulnerability.
Mailhog version 1.0.1 suffers from a persistent cross site scripting vulnerability.
WordPress W-DALIL plugin version 2.0 suffers from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2022-5187-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.
WordPress Weblizar plugin version 8.9 suffers from a remote code execution vulnerability.
Coffee Shop Cashiering System version 1.0 suffers from a remote time-based SQL injection vulnerability.
Red Hat Security Advisory 2022-5188-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.
Library Management System with QR Code version 1.0 suffers from a remote SQL injection vulnerability.