Red Hat Security Advisory 2022-5163-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a null pointer vulnerability.
9147dfc2af949bfe2afd70258be8203639ae20170deeec0d6fa658a764f8d826
Red Hat Security Advisory 2022-5152-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.
0ac0a1be111b0b9abfc2bcd94eeb4a72a6287a79b916bcce9c21e3b97cafdfdf
Red Hat Security Advisory 2022-4999-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.715. Issues addressed include a memory exhaustion vulnerability.
87381a92cabc250a866c5d6d89e677fbc839f6d9495f3a6fa42634b731772b04
Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.
7539c81d4b8e441403714a6c53dc14d36bda7acb1b5c0dadb8762f8d53177dd5
Ubuntu Security Notice 5489-1 - Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. It was discovered that QEMU incorrectly handled NVME controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
5e7afcf473dc350167fc86323143e719c2f4a10a84ed04040691851b4e79d4b6
Ubuntu Security Notice 5488-1 - Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.
5a9ce5992671e1b5986783112d991cf1a7ac72fd0b20a0774485aa00e5df67c0
SAP Focused Run Simple Diagnostics Agent version 1.0 suffers from a directory traversal vulnerability.
21f7a32eca5fb5a3b8445fec64e7ee2ee32522fbdc628503458df594e9a7032b
SAP Focused Run Simple Diagnostics Agent version 1.0 suffers from an information disclosure vulnerability.
e6bbb17d10e51c2a6468f2275ea1b37f96888236eb62d3802793851e50ffdccd
The SAP Fiori launchpad suffers from a cross site scripting vulnerability. Various component versions are affected.
db47646a2f3d2bb8348e08cb11a244ee0d30ad7a58eb9df5ec57aa33b272ac5d
SAP Focused Run Simple Diagnostics Agent version 1.0 suffers from a missing authentication vulnerability.
5c8014f4a69c7fe9a551e4725cc39d20b7a332930fd0b9c44139ca795ce4f0e4
SAP Focused Run versions 2.00 and 3.00 suffer from a cross site scripting vulnerability.
2277fba0775e46b0814879b36b6340c560ce3825acdc9d2a5bff7b238e6c20e9
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f
Ubuntu Security Notice 5487-1 - It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a denial of service. It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker could possibly use this issue to cause a crash or expose sensitive information.
860ae55cf114ac7087a571ee5ee1f0fecc2575519481edd586ad7e933ae883ad
Red Hat Security Advisory 2022-5132-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.
bfca0ba942391c6a43c9f8d48bf4d26fb94e10f853c2bf23fb873d2cf0db5c07
OpenSSL Security Advisory 20220621 - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
a632f42aad9bc1de330d7aef358f76b215a0921218449031cf1f2077b68dff3a
SIEMENS-SINEMA Remote Connect versions 3.0.1.0-01.01.00.02 and below suffer from a cross site scripting vulnerability.
a3bce9850f8342f5aa74a6bc3820d1c8dfe51fd338fcf68fc68e9703dfacb807
Ubuntu Security Notice 5486-1 - It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.
7154bcd5aff205c57ae30b210e1bde57d7de007b20d635b85df4852970237c7e
Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.
811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.
da3d1ebf8a062796a4bf895e4a7b5810ebe229e969e2a6e2a191ecc53f90dbfe
When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication.
aab63ef3bc7b1c7a28a491f23ff3e38331ea8654041288aca94a8bd6d5435366
Ubuntu Security Notice 5485-1 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.
712ea0fa8cca54c56dcdee1163b6c9f9af4877ee2b821344703659e1956a2b24
Red Hat Security Advisory 2022-4947-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.
d1ce1176e259b983636a9265a4a9cdd09184aa0d9186c1f832c5cc5af990572c
Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 (5.1.0.8016) and earlier, Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165), and MiNet 1.8.0.12 and earlier.
f64facd6fb1f0b3cf63d9849292f052e8efccb8ebd488f773fe95e1a28e11171
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.
26ff4e832d69529801ce9581fa340d311be8da080d073cf03ef28644ddb30a51
Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
6ec0ae0395c19c7e5a1cccd288c838331c898658993f20553714a1b880f284f3