WordPress Elementor versions 3.6.0 through 3.6.2 suffer from a remote code execution vulnerability.
6eaed5370d47ef1831e0129aff2a7f1d6e7a9d7ab393c20f0bed1962b0cecff2Red Hat Security Advisory 2022-1373-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
f57c5b22cef3163af1c33c2e82dbe6b00782a303fe5a5f924bc6584e6a35967bUbuntu Security Notice 5378-4 - USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.
3d8ed5f8d8d58bef0e066a69f6a4a45a720333c3ec7430f8977c97f31eb7cafcUbuntu Security Notice 5378-3 - USN-5378-2 fixed a vulnerability in XZ Utils. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.
562b3c6c5e22e5ec8d75a8bae64ee251136ebdc4a763b5bf11fb05d151ee9f97Red Hat Security Advisory 2022-1361-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
5818a5d64c87796caf994d40794b91e5dd4d080ba38ffb6ca57fd1aee083f9c4Red Hat Security Advisory 2022-1345-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements. Issues addressed include HTTP request smuggling and integer overflow vulnerabilities.
ad7d0a5ea3bd59034ab1fa1bef28c21800f686847ce75f83e41e3e7a012f895fRed Hat Security Advisory 2022-1248-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.48. Issues addressed include a bypass vulnerability.
8faa35073c4259895c452a9fd34a62acf47daf1b345d86827aa7d20acbc26a58Red Hat Security Advisory 2022-1360-01 - This release of Red Hat Fuse 7.10.2 serves as a replacement for Red Hat Fuse 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
8b802a8601feecd53c3be8f32936359e55d1332e1b8488cb9c96cc10a7ebf943Red Hat Security Advisory 2022-1354-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
ebde07dce286b9dea0985f0dc954ffea909c665c9cd6016197d8bcb497e1f4f9Python exploit for CVE-2022-22965 that provides a prompt to the user in the style of an ssh session. The script is designed to be easy to understand and execute, with both readability and accessibility - depending on the user's choice. Designed for exploiting the vulnerability on tomcat servers. The fileDateFormat field on the server will be set and unset as part of the script which allows the exploit to be run multiple times. Cleanup may be required. It leverages a vulnerability found in the java spring framework before version 5.2, as well as in versions 5.3.0-17 an d 5.2.0-19 and running on a version of the Java Development Kit greater than or equal to 9.
e7ba2016200c7a9f35557d8d8cb81a7016d22df9517f54de7239d50738638502Verizon's 4G LTE Network Extender is utilizing a weak default admin password generation algorithm. The password is generated using the last 4 values from device's MAC address which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string LTEFemto resulting in something like LTEFemtoD080 as the default Admin password. Versions GA4.38 through 0.4.038.2131 are affected.
59ce4ad0a80db9115ae14b1ebb563c934a8d4e694bb93586a6f38b338e1ab98dUbuntu Security Notice 5378-1 - Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.
c06bc23fc0b9e5b321a705c29c11ab72912461f71c79ca116dd9b258c9180a2bUbuntu Security Notice 5378-2 - Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain filenames. If a user or automated system were tricked into performing xzgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.
0946bc9bbce122e9fe240c23d4c5e5ba7a5911e1931089b31138728386bf15b8Ubuntu Security Notice 5371-1 - It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
520503052384dbfca1799e58e512e8af33349b154fa6e72f5d874d504e1ff1b2Ubuntu Security Notice 5377-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.
7e8bb3e3236447d1446aec7cdf4a4e028e781bb1a791ee70ba7d1d4a0e3b9b7bRed Hat Security Advisory 2022-1179-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.5.10 serves as a replacement for Red Hat support for Spring Boot 2.4.9, and includes bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
85b8d4f687468f2d182c49d4c89778120f0a1b9edb98b4a99798cd35870ff9fdRed Hat Security Advisory 2022-1333-01 - A micro version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.
84e3b3e03146ec3ba0a8f461d400dfce1432660b1bb8dd1e467123d498398499Ubuntu Security Notice 5376-1 - 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands.
3b2b24b2e408dd5b955b1779628e7854a08ca7ba76b3490af417073560f489cdUbuntu Security Notice 5372-1 - Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. Thomas Wei
08104af0d1f1e2fa5f194fd298e0636966ca88e7c1580c0aaba11dbc4d9cc087
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed