Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
833b91155aa03699b892bf1d0dee5fa04c60f68d328462973266e1fb470c8d60Matrimonial PHP Script version 1.0 suffers from a remote SQL injection vulnerability.
dea1ba958ed1aef8b263c768dc1166b983798ae9571329778e696710463b676dPAN-OS version 10.0 suffers from a remote code execution vulnerability.
c1282cb5ecd90e16f595092c1707c237e44c6b5bd2c379fcb5da77524df6d2c8Red Hat Security Advisory 2022-5923-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
7e8ac2d5db9cd6bd574fd29235e94db0aa016bbdfedad1357e3e498515d49bcePrestashop Blockwishlist module version 2.1.0 suffers from a remote SQL injection vulnerability.
c4740ce3e754d2170870371886153ecc56be12fc11d2a658a526807b827fdd99Ubuntu Security Notice 5554-1 - Pedro Ribeiro discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.
e3627154196feab669778608b18845cbd453c874886a6d8b9162c1db15124694Ubuntu Security Notice 5551-1 - It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations.
c0d8b0811cff1c4ea3ce6d3631247e214ed04798446bc13c1afab5378aab94e1Ubuntu Security Notice 5550-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that GnuTLS incorrectly handled the verification of certain pkcs7 signatures. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
e6be1b0f70c52298ac52eaf627c11fe4e6dbb1bfd6bbff03ccc185fa6c027cc5Ubuntu Security Notice 5546-1 - Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17.
84c887787fbc010de3680aa29d38e80563065655d3f3e4aab5622447751585c1Ubuntu Security Notice 5546-2 - USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18.
87c3a989ef7c811d1439e85194a5e4c23b3972fb68b3f204b750638318cec97cBackdoor.Win32.Bushtrommel.122 malware suffers from an unauthenticated remote command execution vulnerability.
cf89785b492c836d6c244e6fc3290bceee66fd68edf28a7400e7d2792d8b6e34Online Admission System version 1.0 suffers from a remote SQL injection vulnerability.
9f6552806e7f79bf6438a86513e24999dcff366eebb104a253377d13284fc82eGentoo Linux Security Advisory 202208-1 - A vulnerability in lib3mf could lead to remote code execution. Versions less than 2.1.1 are affected.
fc6389bd2feac72adae0eb488ca83448d6ad549d5bacaa27328875ae4cad563aGentoo Linux Security Advisory 202208-5 - Multiple vulnerabilities have been found in Icinga Web 2, the worst of which could result in remote code execution. Versions less than 2.9.6 are affected.
4a08c63afff8eb3bfdc8a00c4537380ca8e077d51e8edd3dcfc94e6d3eee8b15Gentoo Linux Security Advisory 202208-3 - A vulnerability in Babel could result in remote code execution. Versions less than 2.9.1 are affected.
e70e2fa5fd8c9e60d94d64c386d341ca0857cec1c7c071bd4e918f701c47d519Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.
eabceb4823bcfb7bb993cf3361829f17b94012ebb0f1f7786ada1edb6fe5b395Red Hat Security Advisory 2022-5738-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include a remote SQL injection vulnerability.
7e41a316501851fd6f3baf50dd0a4b9e4248d91642db6933d2ed534c86b736c1This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user.
ed156b4196a5a0b6a6fd8e554208ebb6ce6da15417fc57d837d2b7e65c35c174Multi-Language Hotel Management 2022 version 1.0 suffers from a remote SQL injection vulnerability.
0c11ae5ed3c1b7202d2009cb0d1807126f6bde6b8e241059c3663ab7153e0cf7Ubuntu Security Notice 5544-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Felix Fu discovered that the Sun RPC implementation in the Linux kernel did not properly handle socket states, leading to a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service or execute arbitrary code.
6ff10c40293ee5b0cacf9d5cdadbf326e0de7006c17b46a23ab455145589f987Ubuntu Security Notice 5543-1 - Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
153417a2fbd138ed01adf8e6296b0b3124a2f4d608835e96715157fb56c53600Ubuntu Security Notice 5542-1 - It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. Luke Howard discovered that Samba incorrectly handled certain restrictions associated with changing passwords. A remote attacker being requested to change passwords could possibly use this issue to escalate privileges.
64dcd0b4e57993d8ecdb31b0a283748a7fe8d11403650392271d1261d52dc7beBackdoor.Win32.Destrukor.20 malware suffers from an unauthenticated remote command execution vulnerability.
b2929297a27431a955030b6a10960d07ffdcbdeb69b274c81b62bcbd3f78ab50NanoCMS version 0.4 suffers from an authenticated remote code execution vulnerability.
f89daed79ee49f4e3db2c1bf5807bdc8863a2487fd65d3b7f4724e51f4fe642dWebmin version 1.996 suffers from an authenticated remote code execution vulnerability.
a89c83a46baf912bad79b59cea2c4954e3ac100a48e421ae4b7e8c04fc532526
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed