ICL ScadaFlex II SCADA Controllers SC-1/SC-2 version 1.03.07 is vulnerable to unauthenticated file write/overwrite and deletion. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability.
692f4de735fbbad8010644968c54cdfe4e595dc3154860210526aa667a9f2e0cRed Hat Security Advisory 2022-0592-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
309b102eb4c93fc5c0e75351bfa6ae9f099da900cb14257534fb1df97107605fUbuntu Security Notice 5299-1 - Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information.
d8a0dffe787d4a58d1bd2849d246c1906fbde64a802ac79bc4262f763d9501efBackdoor.Win32.Dsocks.10 malware suffers from a hardcoded cleartext password vulnerability.
817c1496596745657a375c08e83dae54e0fd2601f555a455ca7c0f238559f3a9Ubuntu Security Notice 5298-1 - It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. J
09c5b3fccd425392b5367e56e1a647931c3ab62c1011ad7cd2bfc5d674d117afI2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
aa53591e89eacc3491ab472dc4df998780fb6747eea3b97ecb7a9f81ff2c9a5eRed Hat Security Advisory 2022-0590-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
0938412c0f6a72492867ad9c15b093af2fe77335328f5d59beb7ae9e9c61656fAgirhnet version 1.0 suffers from a cross site scripting vulnerability.
30d0e2698d37303673cbbc65cd896bd2a88911638e7bbeca862a1ee323d4f620Ubuntu Security Notice 5294-2 - It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
5105eb29948fcb5529fd8e2dd4f4213888887afb870b9269ae382729e9917faeBackdoor.Win32.Agent.baol malware suffers from an insecure permissions vulnerability.
3625b4c134ff3abc67dfdcc8b3212b0e5aabe18d3f1bba013c3275c3a0025d56Red Hat Security Advisory 2022-0589-01 - This release of Red Hat build of Quarkus 2.2.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution and deserialization vulnerabilities.
3833d4591eef0c8e294a68978de238414c1e043c112a2e78b5695c6e4ec918d9Ubuntu Security Notice 5297-1 - Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
980f289a042ba936f0cb85b0ddd84821719c9ed533807a57016c9733fb2ff925WordPress 99robots Header Footer Code Manager plugin versions 1.1.16 and below suffer from a cross site scripting vulnerability.
989d395c3d66b15fe519bc0c80e99d2eaaa476e1800da8e837d7674b16acc7fdUbuntu Security Notice 5295-2 - It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
6e16b06a5023be6ffa2a13a9d5e710e7e9884f26097c1fab4798cf891a79ce27Red Hat Security Advisory 2022-0587-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
69221c995999000262f3ad72a35c8c08448f96eb18ceb584ed1bcd92adf93124Ubuntu Security Notice 5288-1 - It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
c40b61782ae2425638951702b57435a730c7811f86478d3e11ce4f4140f42d83Air Cargo Management System version 1.0 suffers from a remote SQL injection vulnerability.
46b6e5a62bd12c284306f85664415adc82feb0cacb4508ef61da23bd712cb9f7Red Hat Security Advisory 2022-0585-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
e3736ed038216370a7604f5c59b16e7473f02dc6af7d9e7b2156673cde467d8bUbuntu Security Notice 5293-1 - Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service.
e3ad3c51b46aa66cdc3fda5d795ca77cecc6c99bc9d93be6b7d6bdb878753dceTrojan.Win32.Cosmu.abix malware suffers from an insecure permissions vulnerability.
59205eeb61b229c06ebcfdf924970b39bc5b177114f6ed95cc50c957ece1ca5a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed