Red Hat Security Advisory 2022-7143-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
bf2ee19802cc5c27a2aa9448e79d3d3c92beaa03423df3702ac3e20dc59fe7e8
Red Hat Security Advisory 2022-7144-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities.
5e09c50bbba41656cd9c5515ccf86fb9be862fbe6d5d82a630028a1a5bde28e5
Ubuntu Security Notice 5703-1 - Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.
5b417b139db650f2b8fcd1898f6ce031817ce2b3bdc152c22adfa9c99b871850
Ubuntu Security Notice 5702-2 - USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash.
a9ef99809fa6f3d4b4210466b534a091650ab38e6eb5b490d41b11d2d8763c83
Ubuntu Security Notice 5696-2 - USN-5696-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.40 in Ubuntu 16.04 ESM. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
f0b240f677def9a74ad52ea52984a78515c6bd5f4b284409f71cca2b9875c940
Debian Linux Security Advisory 5261-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
fb62e0b11083a392fd6e63e6a0bc7e3e8840647b6a0494c1df81ebfbcf672e62
Ubuntu Security Notice 5702-1 - Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10.
abce9130e44a5745556c40692b098b2f27521fb7fe9f2336f2ae1e79874e5e67
Ubuntu Security Notice 5701-1 - Yeting Li discovered that Jinja2 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
b25bb522095d41adeeb7e265b7beb757aaa83ebfb5731d537f261b33b81cf1b7
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
c2d877bd444b6b474a4140c01e576a8a707e272d5c9a2149a7f25c5de192d5da
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
b3b002f99d13bbf47f9ed3be7eb372cb0c2454bd0faea29a756819ce019ffdc2
This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant directory on the guest virtual machine. This directory includes the project Vagrantfile configuration file. Ruby code within the Vagrantfile is loaded and executed when a user runs any vagrant command from the project directory on the host, leading to execution of Ruby code on the host.
4aa68ef0141c22e4e2be0cd50c642945c2afd7a94ea98ee68a6375e6bd398e81