Red Hat Security Advisory 2022-0520-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.3.0 replaces Data Grid 8.2.3 and includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, code execution, denial of service, and deserialization vulnerabilities.
851e7d90129974b5aef9a1685ad0e47b2b5241fbd8c1cb7d5f745cf0ca63a06b
Ubuntu Security Notice 5284-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, or execute arbitrary code. It was discovered that extensions of a particular type could auto-update themselves and bypass the prompt that requests permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to bypass security restrictions.
d7fd2247717631be4147210e0cf211ef14bf116df25a6272b18eba23465edabd
This Metasploit module exploits a path traversal issue in Nagios XI before version 5.8.5. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field containing a path traversal to a writable and remotely accessible directory, and custom_ports field containing the web shell. A cron file will be created using the chosen path and file name, and the web shell is embedded in the file. After the web shell has been written to the victim, this module will then use the web shell to establish a Meterpreter session or a reverse shell. By default, the web shell is deleted by the module, and the autodiscovery job is removed as well.
056c02dbc5e575c5155e8c34f4766dcc9830256d1bc589d898d599d7f0e9dc4d
H3C SSL VPN suffers from a username enumeration vulnerability during the login sequence.
dfee4cf29211a5243ad88690480fda707d2c3e7a7d71e2ad687f07a80c49882e
Red Hat Security Advisory 2022-0514-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.6.0 ESR. Issues addressed include a bypass vulnerability.
bfee63368d86f38cdb7027ecbc936ab76558404aa981af9cc9da651f3eeba8ab
Red Hat Security Advisory 2022-0513-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.6.0 ESR. Issues addressed include a bypass vulnerability.
781070b741a4ecdcb634e687ce9bad7641aece2ad8039d83b4775668466b7993
Simple Bakery Shop Management System version 1.0 suffers from a remote SQL injection vulnerability.
5749606b95b21841d0505918ca9de1baca438dc4a47f924470d69614792d3669
Red Hat Security Advisory 2022-0511-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.6.0 ESR. Issues addressed include a bypass vulnerability.
b0508e0bab4bc89e2b45730aed201f99d13c61d4b233000730280ee49f121fc7
Slurp version 1.10.2 suffers from a format string vulnerability.
0c96e9b13a77d9304d469e6855e18fd2f688754dea358bb1daaa7eaaa9212d4f
Red Hat Security Advisory 2022-0510-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.6.0 ESR. Issues addressed include a bypass vulnerability.
1cfcf89b9152d198bfb32b57d9dbdcb99020ec4ae7f0fd8858637501a68f5ec5
Red Hat Security Advisory 2022-0512-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.6.0 ESR. Issues addressed include a bypass vulnerability.
38f8821e4cf2dfc48036d74b50c49e4ce55415a1c35817e3a40afb1a6c91e809
WordPress International SMS for Contact Form 7 Integration plugin version 1.2 suffers from a cross site request forgery vulnerability.
b50975f0704d7bf70b7511e322377ed3d6f8b2eb3ac192570c38870e35ced098