Ubuntu Security Notice 5374-1 - It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information.
0d4f3575b87fe0c1a853cb7b11a12c9dc828bce0d0b34bf38a43c7aede12654cRed Hat Security Advisory 2022-1306-01 - A security update to Red Hat Integration Camel Extensions for Quarkus 2.2.1 is now available. Issues addressed include a remote code execution vulnerability.
c3c5d0930ccc1fe38ee5366563b5d922321b3645300f06dfcd16a55e0f841566The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction() function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability to plant a malicious DLL in a system directory and then trigger a UAC prompt to cause this DLL to be loaded and executed by ProfSrv as the NT AUTHORITY\SYSTEM user. Note that this bug was originally identified as CVE-2021-34484 and was subsequently patched a second time as CVE-2022-21919, however both patches were found to be insufficient. This bug is a patch bypass for CVE-2022-21919 and at the time of publishing, has not yet been patched, though plans are in place to patch it as CVE-2022-26904.
d30eae074af8b00dd694a057dd1c7a07694de0851d5e48da9ee462ed23d2a3ceUbuntu Security Notice 5373-2 - USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack.
2d0ada8dcc7b8cd95184a6cb883e28067fd48b7855c636b3d44e3bc4d67ac669haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
b835fa02b52ee7d06276e028571cadcb14d08f5e5a4b5767adf81451f70561c7Red Hat Security Advisory 2022-1305-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
a391422e9bea70842e432e4e26b4c839e51f0526da5c0637398cbc285780b1c1This is a small document that provides a cheat sheet for use of Ansible during penetration testing and red teaming activities.
0c12a80286493aa8bd0c790357f229f5d0169bc51d3a6f38387aea2b27d0ce5dUbuntu Security Notice 5373-1 - It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack. It was discovered that Django incorrectly handled certain option names in the QuerySet.explain method. A remote attacker could possibly use this issue to perform an SQL injection attack. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 21.10.
83b3874a7e07bf1426c94457033cfdda1d9ad9d05c7d7c13567c8466dda3e2b5Red Hat Security Advisory 2022-1301-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
2fa591380f12d1c005495a0fdba76afc32625f3ba8d6e492de9f1632cec22956Razer Sila versions 2.0.441_api through 2.0.418 suffer from a command injection vulnerability.
8d4dce671307b0506af35d07cd539a18cb3de819355fd82c5a8446f004bff643Razer Sila versions 2.0.441_api through 2.0.418 suffer from a local file inclusion vulnerability.
6363e3e4801fa8c1578d66fb8a359d85cf16f7ebcee3a51f79ee9dadf54e6098Red Hat Security Advisory 2022-1303-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
fbcbe2a187ffb5d294d0f095e2d7ba9a3587a2765ce5cc5a4894871465a46d99Red Hat Security Advisory 2022-1302-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
839065cd2c1cd3d58db4a10f20c2f884f19d2e9514c687f85b804f663847868dWordPress Anti-Malware Security and Brute-Force Firewall plugin versions prior to 4.20.96 suffer from a cross site scripting vulnerability.
15deb4bb3fa3074a878f4ff2971d4437fe72194ad2e849ace53c61818887db29WordPress LayerSlider versions prior to 7.1.2 suffer from a persistent cross site scripting vulnerability.
233ee8cdcefede58dd027f8be9e66aa49dc17875ea99ad481954f410e434deb8Ubuntu Security Notice 5331-2 - USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
38b46a173218a86068577a31a1c94662185b8daf7a603f126f70a1f8cb5f6b6fRed Hat Security Advisory 2022-1296-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
1de26c3c6ecdff823b58463236c3fe59d86abca7b36687d8db235b7714dca37dRed Hat Security Advisory 2022-1297-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
58a7101151b88b40315fc79b2d43c72de0330ccf0217461528bae2197e6d2d95Telesquare TLR-2855KS6 suffers from an arbitrary file deletion vulnerability.
c4ecdd376217b87a01721109712a5b118e9f13a405929fe785250ecb485166b8Telesquare TLR-2855KS6 suffers from an arbitrary file creation vulnerability.
51830bffb637cef49bdb853322fff457da3ba1d9f08243e590d0df94378971faRed Hat Security Advisory 2022-1299-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
38ef3cdf417ff2fa4436ce0f5afd1722d4b504dcfab834e960434daca0289dc1Red Hat Security Advisory 2022-1291-01 - Red Hat OpenShift Serverless Client kn 1.21.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.
9feef76368da978f68221f391059ead0c6b9074e5810adbb913303328d782a09Franklin Fueling Systems Colibri Controller Module version 1.8.19.8580 suffers from a local file inclusion vulnerability.
f45a40ee7fe8f2f856deb113c48a0f102823cf6b887757553709163f470b6fe5SAM SUNNY TRIPOWER version 5.0 suffers from an insecure direct object reference vulnerability.
ff1ca49edf9be89972d8549fdf9a5476f59811a6d9f46d080ce2d1f75b24dd15Red Hat Security Advisory 2022-1162-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.8.
8fabdc807fb62a2f0d6520e1707c9dcc4a3f0e6f01c55c6e9434731ebd5c6461
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed