Spring Cloud version 3.2.2 suffers from a remote command execution vulnerability.
d181f87e1828ab23231c1663a6b6c2406af8e9283ea467e7f313997dacb282edThis Metasploit module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access.
c980fde4ce08516646fb2f75d7208c7f0bc88dcc1103403bca06bec378b78a76Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.
e7597aa0df8c711de96d624bc650d2003b1b78f793dce2a87a44bfd7d0c68250Debian Linux Security Advisory 5180-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
04461ff1bdbd3130ce0b479f9dae9abbd1a2848c21dc5e8a4ee7d3e438897605Red Hat Security Advisory 2022-5101-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.0 serves as a replacement for Red Hat AMQ Broker 7.9.4, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
891960734e7d0b04a094b7cc3327354f46fb865081875776be3a8e74d43869edSpring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution.
4590ce696ecbca17f3c4027cb21a644324b71e6b9b2bc3d539bb3272e79bf2ebRed Hat Security Advisory 2022-1626-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.6 serves as a replacement for Red Hat AMQ Broker 7.8.5, and includes security and bug fixes, and enhancements.
cf23715c7a49b1b422a8dd3431c0faec96815dd29d9f97e6c4f6ca4a69adff20Red Hat Security Advisory 2022-1627-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.4 serves as a replacement for Red Hat AMQ Broker 7.9.3, and includes security and bug fixes, and enhancements.
e7a268e7f07128928c027246058e455341baf0e5b1887f67be9e6741f0490effRed Hat Security Advisory 2022-1379-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business. This asynchronous security patch is an update to Red Hat Decision Manager 7. Issues addressed include a code execution vulnerability.
8742dc923803844fc89249f794ccf78fdacb0e77bfa1999ffc83e938c7bdad8aRed Hat Security Advisory 2022-1378-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Issues addressed include a code execution vulnerability.
61c4d0a3c6914696757b1d47c3264a3dcba3bbcd41fbb6a93da20da46400d0b5Red Hat Security Advisory 2022-1360-01 - This release of Red Hat Fuse 7.10.2 serves as a replacement for Red Hat Fuse 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
8b802a8601feecd53c3be8f32936359e55d1332e1b8488cb9c96cc10a7ebf943Python exploit for CVE-2022-22965 that provides a prompt to the user in the style of an ssh session. The script is designed to be easy to understand and execute, with both readability and accessibility - depending on the user's choice. Designed for exploiting the vulnerability on tomcat servers. The fileDateFormat field on the server will be set and unset as part of the script which allows the exploit to be run multiple times. Cleanup may be required. It leverages a vulnerability found in the java spring framework before version 5.2, as well as in versions 5.3.0-17 an d 5.2.0-19 and running on a version of the Java Development Kit greater than or equal to 9.
e7ba2016200c7a9f35557d8d8cb81a7016d22df9517f54de7239d50738638502Red Hat Security Advisory 2022-1333-01 - A micro version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.
84e3b3e03146ec3ba0a8f461d400dfce1432660b1bb8dd1e467123d498398499Red Hat Security Advisory 2022-1292-01 - This version of the OpenShift Serverless Operator, which is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10, includes a security fix. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.
af9c3ede75f6e92eac6576134c67a7192ade183a9daffb8552b6f816d77026cdRed Hat Security Advisory 2022-1306-01 - A security update to Red Hat Integration Camel Extensions for Quarkus 2.2.1 is now available. Issues addressed include a remote code execution vulnerability.
c3c5d0930ccc1fe38ee5366563b5d922321b3645300f06dfcd16a55e0f841566Red Hat Security Advisory 2022-1291-01 - Red Hat OpenShift Serverless Client kn 1.21.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.
9feef76368da978f68221f391059ead0c6b9074e5810adbb913303328d782a09Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 server error and a JSON encoded message.
191fd2ef6dcf8a98bc701657de72fbfe2250e9ec9091b7372a38ea1abcff6241
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed