This Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator user and upload a malicious plugins to get arbitrary code execution. All versions of Confluence between 8.0.0 through to 8.3.2, 8.4.0 through to 8.4.2, and 8.5.0 through to 8.5.1 are affected.
9243b392a2b5f9216cee221b4b8b37b7405bfb9cc8e0a614f33b37071a199e81Ubuntu Security Notice 6165-2 - USN-6165-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that GLib incorrectly handled non-normal GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or perform other unknown attacks.
a7a375a543d90b6a356af341764dff8d2ae9910dd5da57f279eeb834ac7d06d7Gentoo Linux Security Advisory 202310-13 - A vulnerability has been discovered in Mailutils where escape sequences are processed in a context where this may lead to RCE. Versions greater than or equal to 3.12-r3 are affected.
8903d94d1be5f1246db9985f5c1c040e0fde1e1d19ad2e0c8379b38bd143406fUbuntu Security Notice 6435-1 - It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. Bernd Edlinger discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service.
e4c02d0cf75df128a82009e6b74401d4b3f8c229dcc5899f73bc5f7c3bd1e952Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
b4eb604838ef99a8396bc8b7bb54cad11f2442cbd7cbb300e7f5aab19097bc4dRed Hat Security Advisory 2023-5888-01 - The Migration Toolkit for Containers 1.7.13 is now available. Issues addressed include a cross site scripting vulnerability.
2853bd8d5245613da95f23fd0a200bc0dc8a6c8091d12dcd4bf8a0f9f472b0ffRed Hat Security Advisory 2023-5869-01 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
7aba2ac2b49daaa4f7ae949930e32a3b6404c9ba301a9ffd08e40cd253605788Red Hat Security Advisory 2023-5868-01 - An update for ghostscript is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a code execution vulnerability.
23bdec319f1c0b758f9830afbc5b3a9f0dc1d318dd52c63827099ae97c43a21fRed Hat Security Advisory 2023-5867-01 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
a7f82df4fea56c9631d018586796680daa3516c095c284580366c7509fa5a821Red Hat Security Advisory 2023-5866-01 - An update for grafana is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
f8bae008694ffd9bca451c743055b953c8d6372a436ee8ee83c97e706a82b44eRed Hat Security Advisory 2023-5865-01 - An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.
d391245bfbbef3e9be5c67e8dfbce9fbdc780c4de94afbdc0c6e9cc48a91d4fdRed Hat Security Advisory 2023-5864-01 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
867eb9a9359c517eb8442ea0158b8edd3bb9c5fd7958cac1f1db6c5bc79932e4Red Hat Security Advisory 2023-5863-01 - An update for grafana is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
cc53b57adfd8ce7f4789d58a5af553199e9b292ef7ec53d346321936da9ca32eRed Hat Security Advisory 2023-5851-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.
bca6155f3514ff11e1b46792e34f0781bdaa7d3d162d022f46dd205074cb236eRed Hat Security Advisory 2023-5850-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
650835598afd6c11115a7e40d6a7be3795b42e03a8212940f265e57bf3110114Red Hat Security Advisory 2023-5849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
4cd8422245370ccb596477251bb031a87f869e2a9b3e9e7e885237856993e7e9Red Hat Security Advisory 2023-5761-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
5b0b1c76513ee37ca638d5b3380fe03ec8b139e3bc0789552d47d411617e8747Red Hat Security Advisory 2023-5753-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
c00fc3f978bdd77fa39cf9891d2b31b4f19f05ed3734b318d27807bc1223082dRed Hat Security Advisory 2023-5752-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
41a3a5ac3b4766df7d059f6e9afba836dd7c38e905ed1e64c22ab176a23c2ca0Red Hat Security Advisory 2023-5751-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
e1d82231f7f0cfebaa2b40aa44b9e99d3b97535d52939f214e3744e9148befbaRed Hat Security Advisory 2023-5750-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
7225200f0c43dd43744883e292b3231cc26b385bae77f6116e564dee0c10eb65Red Hat Security Advisory 2023-5747-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
69a8a4b5d5cab24125e477865799bd1c7b881ed8d4862048a2536f271980854fRed Hat Security Advisory 2023-5746-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements.
a517ce2303ecee8d4cf11605d9914e32529e5d7574ff89c933c9de99827eafd0Red Hat Security Advisory 2023-5745-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. Issues addressed include an integer overflow vulnerability.
fc71e1722306a3804b4a8411629ad7e81ea16f4aaa97ea61ba505bd4190b8ecbRed Hat Security Advisory 2023-5744-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
6addf41f23b4c0780fe6d4a6beb6fe45bbee6d19cb834a0c7c7908698ea17ac1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed