Red Hat Security Advisory 2022-8647-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
8d7766e814b61e6dcc91a5e80089be9cdcb2207fb48aa3e28f3a60c17b72d44d
Red Hat Security Advisory 2022-8645-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
fd889b46081ac4a06098a93ad6caad76da4e7c9f81203881f46dfcbd807df743
Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
e1c88b5425ec5ed0bfafdfb1bb34c79b493df323417ebe80b94013a6164c8e91
Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
4e44a8266baa587b58e84ee26c227f9b2ad102b7714f8ee75cd7b592b230f030
Ubuntu Security Notice 5743-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
76560acae7e4f7c49d3b954be28a8983a71c85e0d0d5651f1eb15e998f3d7e0e
Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.
d7a1dbe69c51797b7a119cf51d50bfdc0cf2f5d6383559a3c42e0b551d24f2ff
Ubuntu Security Notice 5742-1 - It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
5e6b01c7b9590d67ac5d2f31e28ada5bb831dc18ea0d6437e725f0dbdfaa990e
Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.
d9c0e9406b722512df44cebb17c86eb5064420bbea72fa35eda62ac98a591282
Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.
419a95e24053a48a5b8a151771f5d30d68d5dbe8ac113c538ae6b1f007c00d2a
Ubuntu Security Notice 5741-1 - It was discovered that Exim incorrectly handled certain regular expressions. An attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.
c46261cbbb9d48d6c57b8a00ef1a2dcf11ea8b4fa2eade1ae7192c04c57bd1ae
Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.
3e66b115ba8748f4ad2101302dc9ed47242e049cd2dfe657bde160d836d22cee
Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability. This entry was updated in January of 2024 with additional findings.
3a4de72e3b739ff23b5ce1e6d25229108f69fd6464014bc7ad7fb001ce6a3b8c
Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.
ede5dbd6ee9c5895a1b02c8bc6cefd5dfe9adef84fd2fceb45bd3140cd0fa16b
XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.
5ef6c77b173e377d874346d025662d6a74af50dd2789a4af20f0430f362f87df
XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.
29e4042cd9a0b7666d0b7fda5c45703a1a078adf7f5202670b30f28e36559698
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
c17f784c29aa5d80215602a82fa8f43456ed9eb244957e34e17f303fef273642
This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root user.
ab0811cdeca1e7b40855fbeb9922d915dac86f0ccb16efdb3855d5d39ebf43ac
Ubuntu Security Notice 5736-1 - It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10.
28bcc3309e2412154b73e7a7b025bf5c7fb44a94c51dcae90eb2f22c2656e75f
Red Hat Security Advisory 2022-8535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.
5a6cf9c8bb571302d2728392c0a11dbcbedc87ca6142eda5bbc607ee9eae46d8
Red Hat Security Advisory 2022-8534-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.
7be9eb38ebc4c2855a6120b3303c829f55e132e706368cfd3f578bcab6da27ee
Ubuntu Security Notice 5740-1 - It was discovered that X.Org X Server incorrectly handled certain inputs. An attacker could use these issues to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.
b5857b479bebbc5b894d821a73461bef7882ec20e455fb88ee54d65008fad68b
Ubuntu Security Notice 5739-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.37 in Ubuntu 20.04 LTS and to 10.6.11 in Ubuntu 22.04 LTS and Ubuntu 22.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
29d50fb9708f72d812a4366f40ff78abf9cf1cadbed13ef82de93ce95c2d9d97
Ubuntu Security Notice 5638-3 - USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. This update also fixes a minor regression introduced in Ubuntu 18.04 LTS.
2532563008e029e5ba0c79ed2b95123070ba281491fe1c60cfa1f24a3d4a0ee8
Ecommerce version 1.0 suffers from cross site scripting and open redirection vulnerabilities.
10974d3f0eb8f35db411dab410b7a1c77554ed694b184ccc2855d4f78f6cf262
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
d01aa72864b1128513c0b3667148e765f83cd9f0befe9a751c51f0f19a8ba280