Red Hat Security Advisory 2022-4730-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.
eb1cd6b6ac5ba40cdf81912a1e74125308c385a84929f75590dd8bd2f3d06bb4Red Hat Security Advisory 2022-4721-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.
f9883ad9e6150312c7d527e96bb91bb7ce44824d08863a8198dceed0db83ab06Ubuntu Security Notice 5439-1 - Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or stop responding, resulting in a denial of service.
1ba0fe6423f2322fb60ea715427b119088fa6ff3ecaa64132a2f82d29d96f2c1Ubuntu Security Notice 5440-1 - Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser.
afb7ac8dfa18021533dd1fe40974a4cd36cb7516b0d83f7e79b332743aa4ed7dUbuntu Security Notice 5438-1 - It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code.
542453ced915ebb7602fcd08f1d0bbe3e3d2bc6543e84431afac96174abfa1a1Ubuntu Security Notice 5437-1 - Tobias Stoeckmann discovered that libXfixes incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
28b2613b268b5b81a61688ca5923bfc41d7ddbec6de35cfcc7df9010f9b66488I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
525f2ad3267f130b81296b3dd24102fdcf2adf098d54272da4e1be4abd87df04Ubuntu Security Notice 5436-1 - Tobias Stoeckmann discovered that libXrender incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
a68c328472176a9f2ce8d1148dfe8b7097f7b70356d0bf7472a3922ab24f6102Online Fire Reporting System version 1.0 suffers from a remote SQL injection vulnerability.
b1c3fcc5f6290ffd9b90335d1c772770c479498cbb069b16a94b8cc5ac381565Red Hat Security Advisory 2022-4717-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
2702dee3e48d7005b19141b7d3fdd594630111f42423104e4165fc167a60f8c0Ubuntu Security Notice 5434-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.
237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affeUbuntu Security Notice 5435-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.
237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affeDeliverance is a file descriptor fuzzer written in bash. It injects random data into file descriptors of pids associated with a process until the program crashes, then outputs the results of what caused the crash. It leaves behind files that were used as input for the last 2 minutes before the fault, useful for reproduction.
b2d5c61d25c3596775232700731b3c52f39be5ff2131841bfe8f930ed516e6e3Red Hat Security Advisory 2022-4722-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
6b4f58a2af0980c8b72c69fb6b72f48a811e77f61b19f7175bd3f6c8cac99b00Ubuntu Security Notice 5434-1 - It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context.
5c1a6337e78a42d03169f0ba88e8c5ab3edef10a831fc2af55998839be62848fUbuntu Security Notice 5433-1 - It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges.
8b8300d57f240b901a3f654950e0c539f204e144869f668c8135608a5cde9f4fRed Hat Security Advisory 2022-4699-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.
3398978f8c32415ee9443ab2197b63a37808ca5ed5f997fae73573d5b75dff6dCLink Office version 2.0 anti-spam management console suffers from a remote SQL injection vulnerability.
9676058a709b31daa10982fa1a10ec1523f7cda27a0244b0cd46de826a9d9647This is a small tool written to help decrypt encrypted TP-Link backups.
6dfd1b159b4562812a1078e17fd4ac9732d0d63aa702172f555e54c1cfb902a8This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit, however some or all parts of the chain are likely applicable to other platforms.
c5835f3651ef4f351fdd27038787c6bd633712398f3562132cf3224e2a0a5e16Ubuntu Security Notice 5432-1 - It was discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute arbitrary code. Zhengxiong Luo discovered that libpng incorrectly handled memory when parsing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possible execute arbitrary code.
54ca6d5730b37e6ead16f7d5e371061160c7f46a81e138b8550d769c11bfd6eaiTop versions prior to 2.7.5 authenticated remote command execution exploit.
a0b99a6ffb1e72f424f072c032f45fd3c9811762bc3e6fd6ab9132aafab59e6cm1k1o's Blog versions 1.3 and below suffer from an authenticated remote code execution vulnerability.
2b47e9371ac01f9cd3b2a32ec2b181b1cd6add45c1a4c22f0a31ba5ce0bfacb1Blockchain FiatExchanger version 2.2.1 suffers from a remote blind SQL injection vulnerability.
bd6447df12937c57076ad4d0d5107320b3c62fd6546ee327bfacdb2dac5e077eBlockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities.
768082d75640db5a3a48bae35e88f8cd7a20a4fd520ce42edba1191185d3d76e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed