Apple Security Advisory 2022-07-20-2 - macOS Monterey 12.5 addresses bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
30c718236aa0303e2a848ca5f0ff62300fca488eb543994c74cf586178d456d5Apple Security Advisory 2022-07-20-1 - iOS 15.6 and iPadOS 15.6 addresses buffer overflow, bypass, code execution, information leakage, null pointer, out of bounds read, out of bounds write, and spoofing vulnerabilities.
e78e010a4bea2ea77407fa1f36dd85e44d56dc1216952e6d8cdb14def80805a3Ubuntu Security Notice 5529-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service in the host OS.
900c9467490b73751623ae9022791a89235180da8de86cdb02eda9d2d8d16654Chrome has an issue where raw_ptr broke implicit scoped_refptr for receivers in base::Bind.
608734695dfbbf56d37a25c6b0e92ec571e720ac20c50496dd9608c3ee36b587Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script which is used for deleting snapshots taken from the webcam.
d419b1daf53d0f565d05d6ba8ea75d7ee176ccb9140c55fa6180d7f9532dc155CodoForum version 5.1 suffers from a remote code execution vulnerability.
045098f70a6461ea548965fba279c18d47668837e82112dbf85f351b43ee5bafAIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
e51bc7defd4393939e716c60405cf72a4aa1c727b6ccde44784fd235022e5017OctoBot WebInterface version 0.4.3 suffers from a remote code execution vulnerability.
e44b74ee9184e1f4fa497f4876744c69864ed4d789de8a18313422be9a4ad1c5Kite version 1.2021.610.0 suffers from an unquoted service path vulnerability.
f6c26ab826fa44ce94b3128d1027703b3451aafa787d124ff97ae6903c5c30b1Red Hat Security Advisory 2022-5673-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Issues addressed include a code execution vulnerability.
e6a4b0b59b2757ea6ef380429f73c2819e182dbd4e1d06bf09b8c22eac8f952bDr. Fone version 4.0.8 suffers from an unquoted service path vulnerability.
a395c8c5023e9fa3ade5d03f2adda3d54bb86b40825eb131695b52008175f74aIOTransfer version 4.0 suffers from a remote code execution vulnerability.
c710e2da6c6ed4ef7a63d1d4f9778557d2652281b2fc26cee33fa39fd5d1ca51The Monroe Electronics / Digital Alert Systems OneNet SE DASDEC Emergency Alert System Appliance suffers from cross site scripting and html injection vulnerabilities.
82f6d98418853066b6a98235aa9b2f3a0913d729dcbf7cc7b1e70d395b6a8badUbuntu Security Notice 5528-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.
e4399fee1fafb757db2cc7084bced0d8077ec2ee656c7d3e483d74589880986aUbuntu Security Notice 5525-1 - It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information.
5a7567c51fc5535217fe76db85a30037524b5faac7d584fbe7e0d988cc43929bUbuntu Security Notice 5527-1 - It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary html or javascript code to obtain sensitive information including user information, session cookies and valid credentials.
45daf753e998edd792b4728e6f35f35c6493b1e6cc974ee1082da7f33c59b2dcUbuntu Security Notice 5526-1 - Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature.
9f4662cb5a95ee03ce93366d52dac96d27a5c0d5e8a2c08609919e3ec43b155fEmporium eCommerce Online Shopping CMS version 1.2 suffers from a remote SQL injection vulnerability.
fb0f85b86fd9b86364521ebf50d5426b97f071383915691f325e4d51fddad0afGNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
38b13b578e2490a99222757c64727deb97939fdf797107f986287c2944ee7541Ubuntu Security Notice 5524-1 - It was discovered that HarfBuzz incorrectly handled certain glyph sizes. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service.
4c4fae4fa3c048260e235464283b6c18557a2219f5b8da6dbb3146bb711e7c94Ubuntu Security Notice 5523-1 - It was discovered that LibTIFF was not properly performing checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behavior situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service.
5a59e47169abf47600d89ed49be7fdb00d3a42d34c3e046b30db89c940dc1beaUbuntu Security Notice 5520-2 - USN-5520-1 fixed a vulnerability in HTTP-Daemon. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that HTTP-Daemon incorrectly handled certain crafted requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
79767ea7fd118b9553d3687e6f37d54e7205b3ff5a5efb43f2c04f4d87d3a8d0Ubuntu Security Notice 5522-1 - Several security issues were discovered in WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
0f0f438214ff796ec27381779ba61d110957c201c68b02d7b912474263bc9aa9Spryker Commerce OS with spryker/http module versions prior to 1.7.0 suffer from a remote command execution vulnerability due to a predictable value in use.
a6d63126b4d1bdaea5938a1d895d1687c6b584abb5b278f66f4f0e3915c97bdbThe 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges will take place October 10th through the 11th, 2022.
a7c38095ed781f48c0c6ba286dca77cedb7ed92dc2f3f33ab055eb407d1baa10
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed