Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
d0d300fd8d9a1a485a0198c52e9773db7c532820faaea797e4c63aafac63fd7e
On Windows, the buffer for redirected logon context does not protect against spoofing resulting in arbitrary code execution in the LSA leading to local elevation of privilege.
e5fb08a6edcf0b1b0510543eebe8a2074c96f610873eefbc81fd441dc6b36c39
On CPUs without SELFSNOOP support, a Xen PV domain that has access to a PCI device (which grants the domain the ability to set arbitrary cache attributes on all its pages) can trick Xen into validating an L2 pagetable that contains a cacheline that is marked as clean in the cache but actually differs from main memory. After the pagetable has been validated, an attacker can flush the "clean" cacheline, such that on the next load, unvalidated data from main memory shows up in the pagetable.
0ca3bec4eaa9cefc4bd68628da583653303fb2bb08f1b14700118565ff032f9c
Red Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.
c0789250da6e85f6ddbf1eff137427983e596902d3fa57015a6fd21b598eac60
Ubuntu Security Notice 5502-1 - Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information.
b7685024ea08064a48df0cc02c966bbdef3aaaac3fe59662c6702428963a6223
Ubuntu Security Notice 5503-1 - Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.
0b69d827a44a79e269df3e86d3912b4f936dff6c6042fcd9d52ca24d9c84dfd5
EQS Integrity Line versions through 2022-07-01 suffer from cross site scripting and sensitive information disclosure vulnerabilities.
21a47b9fbd11e6b29f25b46678eefbe67cd2ecd6ec063d64543e0d2d12795718
Magnolia CMS versions 6.2.19 and below suffer from a persistent cross site scripting vulnerability.
289cfd7e8ab83c714ebf68612f0144514c8350c9893a24195c411ff0823a4ab5