Red Hat Security Advisory 2024-1825-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Extended Update Support, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an integer overflow vulnerability.
4fba84c5865b83ce2be2d7d40ed4bdb7edd461ec78209e4934479634d0dbb955Red Hat Security Advisory 2024-1824-03 - An update is now available for OpenJDK. Issues addressed include an integer overflow vulnerability.
69cf7200bc97e9ee0bcf333fbf7b35e645abc82aa87783c69ba74a7962f60805Red Hat Security Advisory 2024-1823-03 - An update is now available for OpenJDK. Issues addressed include an integer overflow vulnerability.
4a5b8a3af7361517b6c931248e38031dd84a58ba291e890dd1c8040734e72e61Red Hat Security Advisory 2024-1820-03 - An update is now available for OpenJDK. Issues addressed include an integer overflow vulnerability.
4b9da8dff3c5b4294b142b77e2b204ceda4d1f31039172853ae842cc1f2a34fbRed Hat Security Advisory 2024-1817-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Issues addressed include an integer overflow vulnerability.
4b59b814abb1f6beb94c843f2e7878d96e9b753b88e25787268ef28e30c57ee6Red Hat Security Advisory 2024-1816-03 - An update is now available for OpenJDK. Issues addressed include an integer overflow vulnerability.
08915273201c7587360f439c41cf435541a56d1f327a42af01813330c85fb103Red Hat Security Advisory 2024-1815-03 - An update is now available for OpenJDK. Issues addressed include an integer overflow vulnerability.
9b57ba244fb00b55111e0d6d8f98f3b94bb2e9304a39f5e8dce4359430f33a57Debian Linux Security Advisory 5663-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.
476592212a64df9134adcc4f8af8746abf77e54f195e5a04cb8940b7bfc841d0pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application. This exploit supports two techniques by which the payload can be loaded, depending on whether or not credentials are specified. If valid credentials are provided, Metasploit will login to pgAdmin and upload a payload object using pgAdmin's file management plugin. Once uploaded, this payload is executed via the path traversal before being deleted using the file management plugin. This technique works for both Linux and Windows targets. If no credentials are provided, Metasploit will start an SMB server and attempt to trigger loading the payload via a UNC path. This technique only works for Windows targets. For Windows 10 v1709 (Redstone 3) and later, it also requires that insecure outbound guest access be enabled. Tested on pgAdmin 8.3 on Linux, 7.7 on Linux, 7.0 on Linux, and 8.3 on Windows. The file management plugin underwent changes in the 6.x versions and therefore, pgAdmin versions below 7.0 cannot utilize the authenticated technique whereby a payload is uploaded.
841d670fe90193388942d1169f9624f5fb5ef8dcf21530ef2dc60444dccc5377Debian Linux Security Advisory 5655-2 - The update of cockpit released in DSA 5655-1 did not correctly build binary packages due to unit test failures when building against libssh 0.10.6. This update corrects that problem.
57fb20788fae22a5cc68b4ccfe49ea83c955e36180b368ea82637c4ffc79b01eDebian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
91dd197c5a6d8baaed2ebca649cbbb006dfaa18a448d23acca955357225d36ebUbuntu Security Notice 6726-3 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
fbdef91004d190c96cf4e043eaae82ae1153ee17c38e14e93c908daa2a909e66Ubuntu Security Notice 6726-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
729c2c491401a2ba3cbcc24fc7e792dce6e1d41caac420160758655bfe67ca27Ubuntu Security Notice 6725-2 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
6d7cd6326721629b499ff1a4ed3916c1134b9cf7a03933ebb2aad8ffbd18a71dUbuntu Security Notice 6724-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.
11f429fc308aea23b94e34cc88c73194b07fa2d7d771891e940b1ec417543744Red Hat Security Advisory 2024-1868-03 - An update is now available for Red Hat build of Keycloak. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.
30aed3acd3e4f969cf77c6d68e2564174f4c8f0552b53be6fe4b1db2999dc60eRed Hat Security Advisory 2024-1865-03 - Red Hat Single Sign-On 7.6.8 Operator enhancement and security update.
fe0e145cbaf01a4d3c51a85825c02cb74c7c1514523889ff27862d587131447eRed Hat Security Advisory 2024-1859-03 - OpenShift API for Data Protection 1.3.1 is now available. Issues addressed include a denial of service vulnerability.
83102553ae60d679c6d9440007dd884e634206ee64c59c9ab23a30e70e74f21bRed Hat Security Advisory 2024-1856-03 - An update for opencryptoki is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
6ba60b1c172a5155a0559101646e51b12c8e2b35cf26a09421d8ca5664823a4fRed Hat Security Advisory 2024-1846-03 - An update for pcs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
bae4ea0b9315156ac23e6e625286416898c8c44733d13d20c21cc446aeb0a5a2Red Hat Security Advisory 2024-1841-03 - An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
6dbd224d5309d7d146917d496f71c2b941315138a2ae4abb8b71c1f813864d86Red Hat Security Advisory 2024-1840-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
dbb0e877dc997c58524cca7262a66eb70f0fe145a426d12e428b8ac2842cd6efRed Hat Security Advisory 2024-1836-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
0d50182c51470a637222a85624e294df7959b1d14b436bc9d497847ee0c1772dRed Hat Security Advisory 2024-1835-03 - An update for shim is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.
bcc6d07da755900b374e9e5999f533940b17e639cb85c56c2c0ad7c71f890246Red Hat Security Advisory 2024-1834-03 - An update for shim is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.
6bea09ed785098d089b673e4999ce967a32853ca4cefc2dd346c8eeb079465ea
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed