Ubuntu Security Notice 5279-1 - It was discovered that util-linux incorrectly handled unmounting FUSE filesystems. A local attacker could possibly use this issue to unmount FUSE filesystems belonging to other users.
22c0e1c4e12a8c19fd2f2ddd21a472eb36bb20def1ef3c528f3099228f5cc589
Red Hat Security Advisory 2022-0496-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.102 and .NET Runtime 6.0.2. Issues addressed include a denial of service vulnerability.
6d749750c756a41c5b8814d2a354e14884a7e568e10d210022e3ffde1118acf2
Red Hat Security Advisory 2022-0495-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14. Issues addressed include a denial of service vulnerability.
3b8f5b5635b3a873540b35bc2650adb777d0ceb42e93c51554bccb0c23bba313
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
562a3350dcf66cb67c5825c67ff2c2904db1e30ec8e1d353adc14efba9abf43f
Red Hat Security Advisory 2022-0482-01 - Red Hat Ansible Tower provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Tower makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a privilege escalation vulnerability.
28459881165934293900b4a0954054c6415064367de18c25933d5847235a8b75
Red Hat Security Advisory 2022-0475-01 - The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
6fcbe321b9c2c6ffc4458f721ac3d10377d705e783972cecdec78d04ebaaa6e6
Red Hat Security Advisory 2022-0477-01 - Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a traversal vulnerability.
c2f6f6959c2687261189ed0f694c49adcf1a1884ed06355be1e0c16913ce6cc8
Ubuntu Security Notice 5267-2 - USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused the kernel to freeze when accessing CIFS shares in some situations. This update fixes the problem.
1fa802d233f94d6e25c95108667119d85ca0d36cae93f6c46bb286febc0cf8da
This Metasploit module exploits a command injection vulnerability in Grandstream GXV31XX IP multimedia phones. The settimezone action does not validate input in the timezone parameter, allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authentication to be bypassed by providing an alphanumeric cookie 93 characters in length. This module was tested successfully on Grandstream models: GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19; and GXV3140 hardware revision V0.4B with firmware version 1.0.1.27.
cc41409b8e7ba0962a39d75e4cae7e60ab281dbc2db437a377040c160691840b
Red Hat Security Advisory 2022-0476-01 - Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a traversal vulnerability.
929378052a3a411f8efbf9599d884f20c434cba232af8d52e55c49760a05849e
Red Hat Security Advisory 2022-0464-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.
36b9e07030c8bb693d556dcfde4489a6ee4054518bc93ccfaa1b4f60f2c73a8f
Backdoor.Win32.Freddy.2001 malware suffers from authentication bypass and remote command execution vulnerabilities.
ae40a2e3e2be6a88e4c00022156923fe7885829a0b79aa06eb09b0fa94406799
Red Hat Security Advisory 2022-0467-02 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.7 serves as a replacement for Red Hat AMQ Streams 1.6.6, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
977e85296e25b25d4e8c2b15301901fd0c28bc8574a26eb0c97b25ac5633509c
Red Hat Security Advisory 2022-0469-02 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.0.1 serves as a replacement for Red Hat AMQ Streams 2.0.0, and includes security and bug fixes, and enhancements. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
00345154fae98e662ddfde68110d764664c691cf424033174747002f70323749
Backdoor.Win32.Prexot.a malware suffers from a bypass vulnerability.
4e7996c6fc3ada4901b5349e57479b0fff816c333e5af8b32317bcf2e0dafa65
Red Hat Security Advisory 2022-0472-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.
62ec9be6c512b12130498c06bd9ff6904f9e846e5855db6cdab3f4a7b7de1f8c
Red Hat Security Advisory 2022-0474-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a privilege escalation vulnerability.
bcc7f1b018296b35c4f80b89cf17117785974b75dd4439176cf6e69dd49e4651
Atom CMS version 2.0 suffers from a remote SQL injection vulnerability.
a71f1889d3e9ff80c812b4f44e1e3ff6b721dd921e6a40b91d96e46200fae3f0
Red Hat Security Advisory 2022-0473-02 - Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Issues addressed include a buffer overflow vulnerability.
8a366f80e00a9b38f3a877defddf1e307764c855dbe516f1ce87a6760c2f1806
Backdoor.Win32.Wdoor.11 malware suffers from an unauthenticated remote command execution vulnerability.
c04727ec467a40ce38e56d44a3c0b5ea1f5b596807e5dad6c38d52b052473235
Red Hat Security Advisory 2022-0442-02 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
92402314f90d5d9fb9a8cde6c9494de316a59c76772d810debd66dd50e46fab1
Red Hat Security Advisory 2022-0443-06 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a privilege escalation vulnerability.
ca9dc528ded1afdaa7e298cf15f4b25a18218f66e889607fe57a1570d7ab9296
Red Hat Security Advisory 2022-0444-03 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
01d61577c054fdc6811e8c973157ed1965b0a35a1a548c43587e56e55dda446a
Backdoor.Win32.Prexot.a malware suffers from a man-in-the-middle vulnerability.
6c79019885b946e2c6e504b728dc129113dbb1c450534149961a7c177073b762
Red Hat Security Advisory 2022-0446-02 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.10 serves as a replacement for Red Hat Single Sign-On 7.4.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
112783847f941c93219f4cc55e0e028a6ccfced5673c00180094cffce178ae04