Ubuntu Security Notice 5246-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or execute arbitrary code.
bb2e4c8ab0377f822fe6dea499ddee9a3c91b266aa305adc3d5390e4e6812690Red Hat Security Advisory 2022-0227-04 - Openshift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.
524b9d8e7fae076a0218fa8ec49657291b2e337cf931184a67eff95ddb42d52aRed Hat Security Advisory 2022-0225-02 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.
c44818445185b5b9eb10bd94b0028919fa20c198b843f36adc8b60109b6edd44Red Hat Security Advisory 2022-0226-04 - OpenShift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.
f45a4daaac33bae7e1100a60c8fb55bb1cbe77c8aa5ef50743cb24022a7380feRed Hat Security Advisory 2022-0223-02 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.
af1dffa6e0ac34a66deb47e28f78f747246b426fc1a6679d8adeeaeca095b063Red Hat Security Advisory 2022-0222-02 - This update of Red Hat Integration - Camel Extensions for Quarkus serves as a replacement for 2.2 GA. Issues addressed include code execution and denial of service vulnerabilities.
68d13130bc2f69e24bed215494e5bc7bc7e78f76f91132c976acd5299a52c762Red Hat Security Advisory 2022-0219-03 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.6 serves as a replacement for Red Hat AMQ Streams 1.6.5, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.
60756c5ef1b1782c60d1d4b878c5ed8efeaa87d5764bfde35a5046922ada189dBanco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name and could possibly be leveraged for attacks upstream. The security team for Banco Guayaquil contacted Packet Storm on 2022/02/08 to note that the issue has been addressed in new versions of the application.
67fd258d29a5a1f1144f15f1e4bbb69c7f2cb5738a374217e2ed9411f811c80eOnline Project Time Management version 1.0 suffers from a remote SQL injection vulnerability.
2593041b2f7cbe7b416b53e5fb5dc472c6a262eeb561f904b5d6d09429a54dacRed Hat Security Advisory 2022-0205-02 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Issues addressed include code execution and denial of service vulnerabilities.
cd250dbbc8b631f4ef49a56cd288bb1c2a6242ea87976dd61585e624dd348188The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
40634f2e27a542b112d2e3b374ebbef7e56af18a3d8ae78da2462ab0b1e4e6b7This Metasploit module exploits a command injection vulnerability in Grandstream GXV3175 IP multimedia phones. The settimezone action does not validate input in the timezone parameter allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authentication to be bypassed by providing an alphanumeric cookie 93 characters in length. This module was tested successfully on Grandstream GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19.
d0fc19a40c910116b96508ffd011c4004a203947a4105f88adf98dfcb129e127VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector.
a640959afe63b432e9f52c735f5ef2799a3bab57bd19790c2fcebb608d3e3a86Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
cce3339a277e3dbab7f9c849a9cb657c9d4d0950fd8a9a1420fad6b45a2a1fa8Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
240d9e56e6acb91ef4cf06a8a1c6c0f101c61d40cf48cccf139faef821d7040bAIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
ebdd28169715872d3dae12d04faac30cc03a75e8432f2814b583409805684cf6Red Hat Security Advisory 2022-0083-03 - This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and denial of service vulnerabilities.
24d4e3d0f6f554caca41028699284d0f12ccf8d2788aba8df711c0ae434e4e18Red Hat Security Advisory 2022-0216-06 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution and denial of service vulnerabilities.
281f02999e731e669e2b47357df331e1d340b028336f73a01d9e81a5d0009985Ubuntu Security Notice 5243-1 - David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.
bfebbb3ece1658aff738be79c7f134e2a0be247fb2c4bd9aaa0e4baeedb807b8Ubuntu Security Notice 5242-1 - It was discovered that Open vSwitch incorrectly handled certain fragmented packets. A remote attacker could possibly use this issue to cause Open vSwitch to consume resources, leading to a denial of service.
77f8da0e77c6ef919feee5799eb6b9efb97a2189371d1bd1cc64792259209d4dUbuntu Security Notice 5021-2 - USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations.
cede935a59164fab44bf9dcd2dc33490586a63319e73fe18ccbedba4041ff602Red Hat Security Advisory 2022-0203-03 - The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.
f8f49c5ce9654d296d93186fe4a411f91a37373917ccb904ee88d4aee08b2dd8Red Hat Security Advisory 2022-0202-04 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
194b1fb3244796d500710e340e920f92f4abc83abbfaacd11163fd0cbe51025bRed Hat Security Advisory 2022-0191-03 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.2 images.
ff212f83b966f05194a3c89d8842a710d265243e5de79983a7c1b64df072bee3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed