Red Hat Security Advisory 2023-0630-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include bypass and denial of service vulnerabilities.
15ccdc826c7259de9a5ec38f689d87d9fdeded3191e269f8f680ca5a0884014aRed Hat Security Advisory 2023-0631-01 - Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. This advisory contains bug fixes and enhancements to the Submariner container images.
84040b92e1ae6d10c00822fd553a5cc4540fa54a549a4b8dda49a0daa2a4ed8aRed Hat Security Advisory 2023-0629-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
6776eec4f16c0032de484d20c9e8a78276eb90c09df1bdf8341b5be6e44b22dcDebian Linux Security Advisory 5343-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure.
4916517dff3b6d3fb82a697282b6e0fd5fe217beb0223ca7d7db63be7baf4ac1Ubuntu Security Notice 5847-1 - It was discovered that Grunt was not properly loading YAML files before parsing them. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Grunt was not properly handling symbolic links when performing file copy operations. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.
fd1cc18e822dad735d8f6c62fd1c2f333eab8fdd25f0f9c96985674a1e4fd27bUbuntu Security Notice 5845-1 - David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. Octavio Galland and Marcel Boehme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
b2fae3ad025b116aec7451725d91f5c92b860f8585a86fd648cfa9af96eba0d9Ubuntu Security Notice 5846-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
20b14bba6bf0005b56c4052dec5d080c08df04d9798cd779224b69132af76c17Ubuntu Security Notice 5844-1 - David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate verification. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10.
9148a451ed73788ce14d48db0869c0d82f74b5a31944d3cbb731fc7a3633c392Ubuntu Security Notice 5810-3 - USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 16.04 ESM. Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
ddefb38e6746c1ce9fb7aac486ac5ea3f7c6b269887f093d613429174a76fa2bDebian Linux Security Advisory 5342-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
d9cd986f6b68c068a98e8f263690e16240a4bad3bcee76be602630f0b4931e29Ubuntu Security Notice 5843-1 - It was discovered that tmux incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.
a359c7a3872cb72f5ff55f827ddbd3a8e1ff6255aed1bbcd66fc63ceb10877ecAIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
f1166ad01a50f7f4523a585760c673ae11185a38cfa602ae7c9e9266effd038dRed Hat Security Advisory 2023-0565-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.26.
e3406f7337ee1e8e41117fec0a4bbbad1b232990eb8314e516c1f16954101073WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting vulnerability.
c049226eafcb4a203f2e5559ba9fda2836f1add53fb4cdf6aad29f235f957132Red Hat Security Advisory 2023-0566-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.26. Issues addressed include denial of service and out of bounds read vulnerabilities.
50ab1242efe681cb75b6ee025e1abbed5eb7409d661edde40d4b2117a74961abSysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
23c36580c981ff7de09ab37dd19eff58ace79337657cc06e0f9ae71b20633246Debian Linux Security Advisory 5341-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
212adcea258405c894269cd25e16fe7f3b2e83a0c7c6ce5cef79396b0daf8325This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ServiceDesk Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.
4fbf903ff9fa864b803fbd7d746a0b2a59de1e2222a5e9821f7d2bf7760f7166Red Hat Security Advisory 2023-0608-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
fa1ef684bd3112ec68547eb4896aaa55c8afe9188b169bf807b9e453bb28f7abRed Hat Security Advisory 2023-0603-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
f8706b3cd0a696486c59da046e1d29a1f9328ddc462a201c759964f30a95aca6Debian Linux Security Advisory 5340-1 - Multiple vulnerabilities have been discovered in the WebKitGTK web engine. Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae and Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution.
7323df2630b7f04b8478335b4fa0c1fb95f5d7a7d242de527b89c6fa32c63eb3Red Hat Security Advisory 2023-0606-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
bf2f189121e28e7380669d95832096fba67d8334d0f3147102d4cc4a503b6d9eRed Hat Security Advisory 2023-0599-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
7c1a4f14cbe6bae003a19e3a3ce344158b5cc7db8925f069f39b7d06927efa52Red Hat Security Advisory 2023-0602-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1.
20a6b00600b3205fd659f8ae7ef7bd99b2bdddfc835f35541ca91bd182dfcdc3Red Hat Security Advisory 2023-0596-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
558be28f677d1fb569fcee5dbe02f4ea04f644b7be461799dfa4e497b6dcd642
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed