Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
5480893244307a0f7793b1e15ce9f59e15579367d1804417f9bc81c154d6f4acApple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
fcb6dedf7ecf800ff5544046d1316a1df6c389b573da6a5559a7fdfb740d5acdApple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
1457e96d61b184fbf3ed170c9802dbce7d15ed833ab54d7784b078ed15b160e1Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
c8eee02086d45b9c9a2776ce254bee0daede9360e0231556fd5fec341d3407c0Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
dde1d552c35f2995a88956c43d2ed8e85b607bc8d90f69562c2416a22d95e796This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a reverse root shell. A custom payload is used as Metasploit does not have ARMLE null free shellcode. This vulnerability was presented by the Flashback Team in Pwn2Own Austin 2021 and OffensiveCon 2022. For more information check the referenced advisory. This module has been tested in firmware versions 1.0.03.15 and above and works with around 65% reliability. The service restarts automatically so you can keep trying until you pwn it. Only the RV340 router was tested, but other RV series routers should work out of the box.
619682621429d96cd23a1e1bcd69a008398c5244223265886c52e2e417242d02Red Hat Security Advisory 2022-1810-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow and denial of service vulnerabilities.
ed90db77dc4754094e0035cc37fe0c1e014c1073c5cdaae5a6cd9da78e2c94daRed Hat Security Advisory 2022-1988-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, memory leak, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
37a2bc5df5427ed04000a8d10823bd2aed8f25a960acdbe741e5cfa028d617dfRed Hat Security Advisory 2022-1759-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
cf2c26724e7650e1aeb0964cd78478438588a1ed37ddff36eb738dc4866cc442Red Hat Security Advisory 2022-1975-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
76e7a83f67a9594d044f0555940c9cdc95fcacfd7cb6fe3ce07a4e4115106e22Red Hat Security Advisory 2022-2031-01 - libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Issues addressed include a buffer overflow vulnerability.
99f67d3e5873587a717a66b1ddacad59122c8692e3fefaf1169520a8c0bbacd6Red Hat Security Advisory 2022-1991-01 - The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Issues addressed include integer overflow and out of bounds write vulnerabilities.
24a0cf7784baf59e62fa1e4f391e96a61f3b8c3c80212b5da1fd9457fef97e39Microsoft's CMD.EXE suffers from an integer overflow vulnerability that can cause a denial of service.
0dd89aa95efb736688b5ffc10611f37891e22e136b3e6479a503952ce6a9f6e3Red Hat Security Advisory 2022-1777-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, cross site scripting, information leakage, out of bounds read, and use-after-free vulnerabilities.
1b42edcf15bc395449a2f06f7c24ba1c5002c9b86ced5974af0fc8fe1f4ffeb1Red Hat Security Advisory 2022-1808-01 - GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spell checker. Issues addressed include a buffer overflow vulnerability.
c99b19ffd02de82a92a5fd528999f602f4797e92e3e2d9c8ada270ebc0472c80Red Hat Security Advisory 2022-1556-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include an integer overflow vulnerability.
f1c69783af1c2a576f6d2fe8a921eca44f3f5f67e8fada605cebecdcdc089e7cRed Hat Security Advisory 2022-1557-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include an integer overflow vulnerability.
3158fc1129575174341c7fa063aa1194c07ab45a783012f0896772de28542d04Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.
949be84608d28e27970c8245bf2a554a1d7bacb3e2ebe644ebb97328491fc4b5Ubuntu Security Notice 5389-1 - It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. It was discovered that Libcroco was incorrectly handling invalid UTF-8 values when processing CSS files. An attacker could possibly use this issue to cause a denial of service.
55f0191b02e02399bd4983d04afd3a49a8ceefe82368abffe402e2f5e947687cPrime95 version 30.7 build 9 suffers from a buffer overflow vulnerability.
79bac0b7ca9b464728e6052f0272701247728bd55953b88870a22da80055f1bcRed Hat Security Advisory 2022-1389-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, buffer overflow, bypass, null pointer, and use-after-free vulnerabilities.
543450d6c14d4c09bcf5947c484b86e571d3712934810fc7815f183da6554438Red Hat Security Advisory 2022-1390-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, buffer overflow, bypass, null pointer, and use-after-free vulnerabilities.
ad0fd16dc55990a0a43914c90f2049b89914071377efc58825ef7d913c3134dbUbuntu Security Notice 5379-1 - It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that klibc did not properly handled some memory allocations on 64 bit systems. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.
69850c1afcc1631690209befbab57cecc173d4514803a7c4e88d8a361acff09cHackTool.Win32.IpcScan.c malware suffers from a buffer overflow vulnerability.
9f6c8558b2fd54132bcbc7fb7ec9094dc5480dbb618f8e26e8945badd9b41aa7Red Hat Security Advisory 2022-1345-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements. Issues addressed include HTTP request smuggling and integer overflow vulnerabilities.
ad7d0a5ea3bd59034ab1fa1bef28c21800f686847ce75f83e41e3e7a012f895f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed