Red Hat Security Advisory 2022-8647-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
8d7766e814b61e6dcc91a5e80089be9cdcb2207fb48aa3e28f3a60c17b72d44dRed Hat Security Advisory 2022-8645-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
fd889b46081ac4a06098a93ad6caad76da4e7c9f81203881f46dfcbd807df743Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
e1c88b5425ec5ed0bfafdfb1bb34c79b493df323417ebe80b94013a6164c8e91Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
4e44a8266baa587b58e84ee26c227f9b2ad102b7714f8ee75cd7b592b230f030Ubuntu Security Notice 5743-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
76560acae7e4f7c49d3b954be28a8983a71c85e0d0d5651f1eb15e998f3d7e0eBackdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.
d7a1dbe69c51797b7a119cf51d50bfdc0cf2f5d6383559a3c42e0b551d24f2ffUbuntu Security Notice 5742-1 - It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
5e6b01c7b9590d67ac5d2f31e28ada5bb831dc18ea0d6437e725f0dbdfaa990eWin32.Ransom.Conti ransomware fails to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.
d9c0e9406b722512df44cebb17c86eb5064420bbea72fa35eda62ac98a591282Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.
419a95e24053a48a5b8a151771f5d30d68d5dbe8ac113c538ae6b1f007c00d2aUbuntu Security Notice 5741-1 - It was discovered that Exim incorrectly handled certain regular expressions. An attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.
c46261cbbb9d48d6c57b8a00ef1a2dcf11ea8b4fa2eade1ae7192c04c57bd1aeHelmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.
3e66b115ba8748f4ad2101302dc9ed47242e049cd2dfe657bde160d836d22ceeSanitization Management System version 1.0 suffers from a remote SQL injection vulnerability. This entry was updated in January of 2024 with additional findings.
3a4de72e3b739ff23b5ce1e6d25229108f69fd6464014bc7ad7fb001ce6a3b8cChrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.
ede5dbd6ee9c5895a1b02c8bc6cefd5dfe9adef84fd2fceb45bd3140cd0fa16bXNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.
5ef6c77b173e377d874346d025662d6a74af50dd2789a4af20f0430f362f87dfXNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.
29e4042cd9a0b7666d0b7fda5c45703a1a078adf7f5202670b30f28e36559698Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
c17f784c29aa5d80215602a82fa8f43456ed9eb244957e34e17f303fef273642This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root user.
ab0811cdeca1e7b40855fbeb9922d915dac86f0ccb16efdb3855d5d39ebf43acUbuntu Security Notice 5736-1 - It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10.
28bcc3309e2412154b73e7a7b025bf5c7fb44a94c51dcae90eb2f22c2656e75fRed Hat Security Advisory 2022-8535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.
5a6cf9c8bb571302d2728392c0a11dbcbedc87ca6142eda5bbc607ee9eae46d8Red Hat Security Advisory 2022-8534-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.
7be9eb38ebc4c2855a6120b3303c829f55e132e706368cfd3f578bcab6da27eeUbuntu Security Notice 5740-1 - It was discovered that X.Org X Server incorrectly handled certain inputs. An attacker could use these issues to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.
b5857b479bebbc5b894d821a73461bef7882ec20e455fb88ee54d65008fad68bUbuntu Security Notice 5739-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
29d50fb9708f72d812a4366f40ff78abf9cf1cadbed13ef82de93ce95c2d9d97Ubuntu Security Notice 5638-3 - USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. This update also fixes a minor regression introduced in Ubuntu 18.04 LTS.
2532563008e029e5ba0c79ed2b95123070ba281491fe1c60cfa1f24a3d4a0ee8Ecommerce version 1.0 suffers from cross site scripting and open redirection vulnerabilities.
10974d3f0eb8f35db411dab410b7a1c77554ed694b184ccc2855d4f78f6cf262Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
d01aa72864b1128513c0b3667148e765f83cd9f0befe9a751c51f0f19a8ba280
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed