Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.
85e6274c67ee28e8ecf094f45e514c4c3e9eeadc0ca46dce10845a5ae0bac975Red Hat Security Advisory 2022-7865-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.41. Issues addressed include a man-in-the-middle vulnerability.
6f1f37e153b326b2fd8d49dcf1ba5599e4d6106034999e2c31a809b0fa14f6f0Ubuntu Security Notice 5686-2 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause a crash or arbitrary code execution.
7c55176af95c8d316fd0b090742e85481704c14d13826cce6e070cdc7d1c71f0Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
5954aa3a6292b16c124f88a5565b25ffb1de65f24ab2438dbac72d360d3842cdUbuntu Security Notice 5732-1 - It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service.
d5a84972ef23fdec7088587f3b3731521f203ef1328c2d358dc3fd732874a924Debian Linux Security Advisory 5284-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
38e1e821f6402a69957dafce0462e7fa54982b8d1a7e196da83411f864a07c98Red Hat Security Advisory 2022-8524-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.0 replaces Data Grid 8.3.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.0 in the Release Notes[3]. Issues addressed include cross site scripting and denial of service vulnerabilities.
bf83175af6bd8f86227a3df154656e0d2511b3653027b8064dd712094546c645Red Hat Security Advisory 2022-8532-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include a HTTP request smuggling vulnerability.
f99ca7ea9ed243473d6fbea7af48141d48e50c717dd4fa1cb777903b4b37e19eUbuntu Security Notice 5638-2 - USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
0d692189046a0e9373724b41008cffba2f050fa2dc5520bfce444df5a9c035b3Ubuntu Security Notice 5730-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
82f654d00686895db438b4366f58202c68cffce2c89495df58f2794e67d2ca38Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.
9624ae8fb4d6e0770272c04b66838bae629e7de815fff8a5dfa0edc820f31a3aPatrIoT provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. The proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.
7ef04fa8b69b383da473db2f732cbb05957268406e540aab12aa566dc3408119In the function AppleAVDUserClient::decodeFrameFig, a location in the decoder's IOSurface input buffer is calculated, and then bzero is called on it. The size of this IOSurface's allocation is controllable by the userspace caller, so the calculated pointer can go out of bounds, leading to memory corruption. This issue could potentially allow an unprivileged local application to escalate its privileges to the kernel.
a9f971c8dcec3381b92b6bafb61fc99c1b1da326eec460ede2682c51580f3f3eIn AppleAVD.kext, pixel buffers are mapped by calling AppleAVDUserClient::_mapPixelBuffer, which eventually calls AppleAVD::allocateKernelMemoryInternal. If the buffer is an IOSurface, the function calls IOSurface::deviceLockSurface before allocating memory by calling prepare. But when a pixel buffer is unmapped by calling AppleAVDUserClient::_unmapPixelBuffer, which calls AppleAVD::deallocateKernelMemoryInternal, the IOSurface is not locked before calling complete. This means that mapping and unmapping can occur at the same time, leading to kernel memory corruption. This bug could allow escalation to kernel privileges from a local app.
fa06dd34c9fcfaf9f03c6a70c7fd7fc078ff6872d40e76e3295731e58256ce8a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed