Ubuntu Security Notice 5331-1 - It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service.
1d5f8cad45dcdb42f66dccd02e8ff366a5939d04f5522deaf7673ae1a91d5ad3
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
9731627a953810a577873c5bb602e83d5338288165babb0b69ad6cec1104b403
The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM. The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable by all users, and it can be configured via SetPrinterDataEx() provided the caller has the PRINTER_ACCESS_ADMINISTER permission. If the SpoolDirectory path does not exist, it will be created once the print spooler reinitializes. Calling SetPrinterDataEx() with the CopyFiles\ registry key will load the DLL passed in as the pData argument, meaning that a DLL written to the SpoolDirectory location can be loaded by the print spooler. Using a directory junction and UNC path for the SpoolDirectory, the exploit writes a payload to C:\Windows\System32\spool\drivers\x64\4 and loads it by calling SetPrinterDataEx(), resulting in code execution as SYSTEM.
3e62199fe39127be4320ed28c4a8d52211edb9c506d1e42a0aba3faef33cb58c
Red Hat Security Advisory 2022-0810-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.4. Issues addressed include a code execution vulnerability.
ff8809034d98671fb3a02a895b832152cf7fea97fbdddc5fbea5810459a6a58b
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.
98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a
Chrome suffers from an integer overflow vulnerability in HandleTable::AddDispatchersFromTransit that can lead to memory corruption.
0ef0d4da3c4dc9fb06483f95973add0c92d39c6c630ce2e22e5798641135e44a
Moodle version 3.11.5 suffers from an authenticated remote SQL injection vulnerability.
e3e0c7cc36660ea59837d1a1c82382ac6a351a5640124aceb9c996e84a54cefe
Ubuntu Security Notice 5329-1 - It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service.
d93524b4faa9c1873b080dc859dd24b00c0efd3f24655cd4fc09089b4c00fbb6
Red Hat Security Advisory 2022-0889-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a double free vulnerability.
3849b3e6d4f40fa1a8150605f73e9e68c5089e715748df3c9a9ef051afc71bb0
Pluck CMS version 4.7.16 suffers from a remote shell upload execution vulnerability.
bf6f44f933518e9393899fb057325ea7d49f49869dd8df70566967d915f22733
Ubuntu Security Notice 5330-1 - It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations.
d94aeeeb61dfcd89177a7196875ad92b6f248086ce260ff4e8b41f78182cb078
Hikvision IP Camera has a backdoor where a magic string allows instant access regardless of authentication.
5f6dfb93637a2bf560169ca8d350af523d2b8bf97671349af8d90046510d15a5
Red Hat Security Advisory 2022-0896-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability.
94618bd1923ee16e9583843b26014c8d1ab90b9651bcd564e5b4ba54a6d69eef
Ubuntu Security Notice 5328-2 - USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service.
430ed6ae784aa19fce563ff6583b07a4b30cb7aa230b49f3afeae1479d4b25c0
Ubuntu Security Notice 5328-1 - Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service.
d8d4b07eeb8763e7b7a34ddc0d388de4237be41a497c26eb786337d40ef72343
Tiny File Manager version 2.4.6 suffers from an authenticated remote shell upload vulnerability.
8c1751eb9ff4c26941c447356d457c46a2da2db8622eeb60736d773e284eb0e5
Ubuntu Security Notice 5327-1 - Hiroyuki Yamamori discovered that rsh incorrectly handled certain filenames. If a user or automated system were tricked into connecting to a malicious rsh server, a remote attacker could possibly use this issue to modify directory permissions.
158487c92bb418865e2ce8a252f00f2674e325b914f065a30afb1cc8df724549
Apache APISIX version 2.12.1 suffers from a remote code execution vulnerability.
1a7e1d54f9dea840e2f5decd4c7806d1bf0fb96825738ea5b11723e9659f59b2
Red Hat Security Advisory 2022-0899-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include a use-after-free vulnerability.
b351efd491d264387d82218d182c29372966a823604809e5ed09bb881d1055f5