Red Hat Security Advisory 2022-1103-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
cd3da72f66a9d3620802f57598d3a1225d845ad596f9cc707e08f89d7fbccd8cRed Hat Security Advisory 2022-1108-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.1 serves as an update to Red Hat Process Automation Manager 7.12.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, and traversal vulnerabilities.
7c40dcdbc8c75f8be5ae4c4bf3f34c84f7661a55778b77830347d8a875b6c93eUbuntu Security Notice 5313-2 - USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem.
1911934539c51bd6df28232883917c98374d9f5b205fb3970482d87c13567eefRed Hat Security Advisory 2022-1021-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.26. Issues addressed include bypass and denial of service vulnerabilities.
9643b6c8c59dc1959b8e0bc08b83042bd3461d4a3cb4eeaeb911e54bccefe6f6Red Hat Security Advisory 2022-1091-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
547e0428253fe19394e4d502af2ba7da74aa3bbac454474bed040a5c67725505Ubuntu Security Notice 5353-1 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
406d29aa368301ce542b4f6f12fd32301120acf9aa904fef9458e3370d29fa8dRed Hat Security Advisory 2022-1083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include an information leakage vulnerability.
9442197180deeb5f25977efd08ace4909b97f3f5729b4b0b9f276d27f078ba23Ubuntu Security Notice 5352-1 - It was discovered that Libtasn1 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
951cffd9e25ddf1ad22523ce2eefb8c889a1391d77e042330c60a977076e47a5Ubuntu Security Notice 5351-1 - Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain access to private keys.
5ebff46b7927019366c4c26262bfda5d50351737a0a1eb80ff2a875a4907b62dWhen the filter_var function is used in conjunction with the flags FILTER_VALIDATE_DOMAIN and FILTER_FLAG_HOSTNAME, there is a vulnerability in PHP that allows the filter to be bypassed. A patch has been included by the researcher as the PHP security team seems to have ignored this concern.
adddea024dbdd005a547c113193969e21a6c422c65e5611f207efd46bf8ae635Message System version 1.0 suffers from a remote shell upload vulnerability.
8170a03bb95176827a82f89c1b133b2b0b7a218409494453ee6b43400a78b8a6Message System version 1.0 suffers from a local file inclusion vulnerability.
d75e21e8a6211018162bbb7942d070f7c8405b2ef826d1256c7f25275857c3f6Fingerprint Attendance version 1.0 allows for an arbitrary password reset of any user.
349d72455afa61c19576dd3b35d2b351fb9e9242b3dc49747aede103705ebd0bFingerprint Attendance version 1.0 suffers from a remote shell upload vulnerability.
452eb3ee24c8a991d97de78ec5746488245a9a38b450e35ee82a4b76c1b19e8fFingerprint Attendance version 1.0 suffers from a remote SQL injection vulnerability.
ea4634340bfbd35d88bc8b15ecde35139882faa21acf2cecdd186022fc7b480eSports Complex Booking System version 1.0 suffers from a local file inclusion vulnerability.
c37a2040e63761f072da506d3c0fb1c63067a2b28d02b4a6291592e84d8a1f0cDebian Linux Security Advisory 5085-2 - The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters (':' in particular) for a namespace separator (while the HTML API docs of function XML_ParserCreateNS have been advising against their use). Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters.
d518bc8536e0ddf3fe6cfe3ace97c1a0386a4b855e7af45f346007135b20089dDebian Linux Security Advisory 5088-1 - Brief introduction
dee4f00088252d6d121b41c7d234c8f930905a04f6badedea9f5687f59bcc44fDebian Linux Security Advisory 5089-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
80fd42e30a2a360173b0c33b13bd03451c01ce066a8f77350aaf7909db8af665Debian Linux Security Advisory 5090-1 - Two security issues have been found in the Mozilla Firefox web browser, which result in the execution of arbitrary code.
d8d2d7425e1b040e61e41ab3863893c2a0895769dbb7c36e395f9d423caa0525Debian Linux Security Advisory 5091-1 - Felix Wilhelm discovered that the containerd container runtime was susceptible to information disclosure via malformed container images.
e63a6746ffb3a0ebb5b67732d4e19941b8a93c8206828f44778f919a2ccbf65dDebian Linux Security Advisory 5092-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
f552af15f42a43d3bd0ed3cf4abd129ea2e3af33a492249e58c49290a8e65d87Debian Linux Security Advisory 5093-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code.
690d288b2f014e89a760c6985b3732a832e9c702b81c05ffd8ea9a3833f63264Debian Linux Security Advisory 5094-1 - Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.
26aa5f5512f60f1821a87127469a08e66fd1148d2cf05de9f41b605530f3bf2eDebian Linux Security Advisory 5095-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
271e4b7d1b99d28febed5f00c4b01bf76715f4001e068e7da511f20bacd0d4ff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed