Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL injection, and various other vulnerabilities.
6eddce047a1f5ab31ff59fc32cdd934d9a0dbd6474090fe26968d79a7d77daf2VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance. VMware Cloud Foundation 3.x and more specific NSX Manager Data Center for vSphere up to and including version 6.4.13 are vulnerable to remote command injection. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges.
e1f5fa59aee9a79145c46b8829a1543dbca23d36d00d330dacc1326a5f871b45Apple Security Advisory 2022-11-09-2 - macOS Ventura 13.0.1 addresses code execution and integer overflow vulnerabilities.
10c454d0b0b5904ed0e2f71ab984574a625e84a942a9a8406aa6c1ec8f046856Apple Security Advisory 2022-11-09-1 - iOS 16.1.1 and iPadOS 16.1.1 addresses code execution and integer overflow vulnerabilities.
991b1f0f1c1f623df67f682fb82885b28002056c66e1c73a9fcc14f5d20a12adRed Hat Security Advisory 2022-7933-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, denial of service, double free, information leakage, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
c7306cb3e2d21e76d1cf923d8e8152b52d296914c9dd94bd60e420cd01196ce6Red Hat Security Advisory 2022-7927-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
7384ac3b3b5d832368e91e5dd923b8a0880dc37fd564939c9df7d8452b48fa06MSNSwitch Firmware MNT.2408 suffers from a remote code execution vulnerability.
0aa2010dca8260f648fb8dbb7af7facb6c5dd2996e3ffb913fb36877a1e3b0d6SmartRG Router SR510n version 2.6.13 suffers from a remote code execution vulnerability.
dba419bb745ff6282406231b1e06978a7526ccc1828d7e4bb7c0dee6d345cbe1Gentoo Linux Security Advisory 202211-2 - A vulnerability has been found in lesspipe which could result in arbitrary code execution. Versions less than 2.06 are affected.
16e18cdaf744c7633689b386bcb9622f71915125e77fbaf726851cbe318ce073Open Web Analytics version 1.7.3 remote code execution exploit.
510a35dd10eda1581749d4f461426849b3ee8288b2d10dc43516201665b6a10cDebian Linux Security Advisory 5274-1 - Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information.
b2cd03cb3cd51e835828566f26955b1a24433b4d4ee8969dda2279eab675c38fDebian Linux Security Advisory 5273-1 - Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information.
6bbe81d2c9efe6e21d1f0e9b955cd92bda11b610558952c581bfaa7120f0b2dfRed Hat Security Advisory 2022-7811-01 - Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Issues addressed include code execution and integer overflow vulnerabilities.
40e1bd82a4029a9b397c129156f6c862515c76db9d799f06c1e3ed5dd189a0fbRed Hat Security Advisory 2022-7704-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include buffer overflow, code execution, information leakage, and use-after-free vulnerabilities.
7f201e53d142f0cc702b77fbe65d70c0448bfa7a6edebd1c64382daf9d87ef81Apple Security Advisory 2022-11-01-1 - Xcode 14.1 addresses code execution vulnerabilities.
283ad9d8171efece3850247f493b6534fc49e5c0a1da52d7fc3564099bd20c39Red Hat Security Advisory 2022-7410-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.
20de8cac035eb0328ec9dcb7ce2f968147a87e30dacad7dfd94b929d9ff397daRed Hat Security Advisory 2022-7409-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.
c920db1dec3b041d6c286f4114456a9165972f7534a40725c37eb60214d02198Red Hat Security Advisory 2022-7417-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.
66e7c910cb690290044b2d3be37ff70715adf821991f2d81a1677e4efb1eff1dRed Hat Security Advisory 2022-7411-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.
783a2b010e945a3b187cff896274ec22adcdcf88ca22b7e1c6c7a3ebc2cc25ecUbuntu Security Notice 5712-1 - It was discovered that SQLite did not properly handle large string inputs in certain circumstances. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution.
ce65c00028a01e0df3948e6640148ec8ae4f817b436b3dc3359958f0f796e12dRed Hat Security Advisory 2022-7216-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.51. Issues addressed include code execution and memory leak vulnerabilities.
c18c3a486447b76e9e84334f9b7ff103f33ecf705368a1ee6f116b60977636fdRed Hat Security Advisory 2022-7338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.
97a4f05892f5310eee304e4ddc0379cfce9b9f7cd23d75d375041238621f622eRed Hat Security Advisory 2022-7343-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include code execution and denial of service vulnerabilities.
d1b6ac62a06e19b0ef6a475cfb7101cf13b2a89489b7b9103ca8e390984ef3aeRed Hat Security Advisory 2022-7337-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, privilege escalation, and use-after-free vulnerabilities.
cecb4ff726f2e2ac5392c18e54da018333c6e9f6ac8100a7ea617dcc091c62bfIn Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve remote code execution via a crafted .cgi file by chaining those functionalities in the file manager.
174516108c4d106859887c676523c5bd94d8fe133ba6657e421890c8d9f7ef89
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed