CarolinaCon Online 2 will be hosted April 29th to May 1st, 2022. The conference will be virtual and submitted talks will be live streamed.
fff7bbd7db49ebd9315d7d680ff911339bafb26146b0e7b53c22f7e97b628388
Fetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability.
39661448198dd708a96b67957a59b551619e612105aace960d22e309d08ca49d
Red Hat Security Advisory 2022-0317-03 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include deserialization and integer overflow vulnerabilities.
cc53e6cf6223ea8632f56d8c3fd92a4c94307152ba39cbbaf50f61949886abf0
Red Hat Security Advisory 2022-0321-03 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include deserialization and integer overflow vulnerabilities.
f0fa5d4b126da0021b1a83b558d1dd672619ab456756b85c4f7eb64190c49c6e
Ubuntu Security Notice 5064-2 - USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.
dca19316cf7eca3e16b0999725db9e6e0898ebb5b48144f1e778715761f44a73
Ubuntu Security Notice 5255-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
8d9f50ee756368237221df9d2473d2e4bd63249ac9535dc0b637761d5e147186
Red Hat Security Advisory 2022-0304-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
2fbab738d2fbb222ca91c0f107d3231ebc290da71d78f4ed6ceeb6b47d53c8e4
Red Hat Security Advisory 2022-0305-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
5ef830b76363e63cb210ad6430c78b70eb6b48046505b2ad0ce4186e704c1a6c
Red Hat Security Advisory 2022-0306-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
e49c5e8561512072041f10e5d1e1969706a6098a8abcbb9592f05d8fbdd31ef5
Red Hat Security Advisory 2022-0308-10 - The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services.
4e60816333a7ea941ad58a15ac8a56079a3d3b548e5578d446d25484f27fe847
Red Hat Security Advisory 2022-0312-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
819701f865e2854a8fb9438edcafc576f16d64e054736ef57fad78bdfa07f6c2
Red Hat Security Advisory 2022-0310-04 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5.
953a8a9fad6f6b144269e37f9415d4642ed74c65588f41c62c37a40c44b8e46f
Red Hat Security Advisory 2022-0318-06 - An update is now available for Red Hat OpenShift distributed tracing 2.1.
95488ca2caa7c12ad10f5f7f0dc4422f0de507352639644a064fa20f4e8371c8
Red Hat Security Advisory 2022-0307-03 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
7ba4e2c4165f2f8345a1cbddee11dcf1dc9630434812b1a5d29ed117217aed0a
Ubuntu Security Notice 5254-1 - It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
858b88ea3ec43f6082b7cd185a60cc2aa9521c63ecf08ddb13038428d330f54b
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
8d9a028ca9fec7ad4a9e48a763e296052384cf402ea4cd371577bff183c27451
Ubuntu Security Notice 5247-1 - It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 21.10. It was discovered that vim incorrectly handled memory when opening and searching the contents of certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10.
0f31c723fcf492f4c599406b080fe0688ba5d8d947f3a76dd2aeb25ec43c83f6
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork of Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
f427294ed674e37d34a1b756a2190de17937e046ef21abb3ae37bba018a760f1
Gentoo Linux Security Advisory 202201-1 - A vulnerability in polkit could lead to local root privilege escalation. Versions less than 0.120-r2 are affected.
d11426713b556943aaabfa3a7507c7905257729200bd39fec54ff2e0f803eb1f
SAP Enterprise Portal with ENGINEAPI versions 7.10, 7.30, 7.31, 7.40, and 7.50 suffers from an XSLT injection vulnerability.
da6ac9ab738f2080b02cc97608aef6a101c7d751b2f8886505ca291243379d5f
Red Hat Security Advisory 2022-0181-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.54. Issues addressed include a code execution vulnerability.
73d36f9fbdaf2a788f122df40acc17a5801dd1fdfc2fd2a62a7fab55f3bdda30
SAP CommonCryptoLib suffers from a null pointer dereference vulnerability. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error causing the system to crash and remain unavailable.
4e1a256c3f431f4168136d27f62d96f748180dc8bdcac0d78e7fd1c23eb39487
SAP Enterprise Portal with EP-RUNTIME component versions 7.30, 7.31, 7.40, and 7.50 suffers from an open redirection vulnerability.
31e789c3fc612f938cd56d5fab9f4d359a5679a1c9bc3ae446b98afd67ad0c83
Red Hat Security Advisory 2022-0303-02 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a buffer overflow vulnerability.
102f97515e84e14f93a9cd7b93098bdf0b40749fe342b272ebee131d1de43286
WordPress RegistrationMagic V plugin versions 5.0.1.5 and below suffer from a remote SQL injection vulnerability.
fc704ca5ead8ef607cb727b84f02e144261f21080490cda78592accedd147834