On Windows, the buffer for redirected logon context does not protect against spoofing resulting in arbitrary code execution in the LSA leading to local elevation of privilege.
e5fb08a6edcf0b1b0510543eebe8a2074c96f610873eefbc81fd441dc6b36c39Ubuntu Security Notice 5475-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the browser UI, conduct cross-site scripting attacks, bypass content security policy restrictions, or execute arbitrary code.
bca38467c0fb77530533f649645a7dd5ce5d57ec086d37e4da86b8a23323098fRed Hat Security Advisory 2022-4671-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
1a7182c8803733e24a2f52a38dc6173bf272d5ad45772e1226fe7c4a018efefeRed Hat Security Advisory 2022-4690-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
3bfe6b3b087ca42a19201811078371538ab2936796ff2422443605c3aef038d7Red Hat Security Advisory 2022-4692-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
ecf97b114c811de8b773415e31f85d2dbbd762da9a08556fc7bc868b0c83a9a5Red Hat Security Advisory 2022-4691-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.
6fe762e2616c6dacdada61a5ff131f5097db13088eef51a3811f2266f29dfb07Ubuntu Security Notice 5411-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass permission prompts, obtain sensitive information, bypass security restrictions, or execute arbitrary code.
000f629967ca92f7e1c38fe716cc7f512431d6be87f751d10c253c7ae9867eb9Ubuntu Security Notice 5402-1 - Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Raul Metsma discovered that OpenSSL incorrectly verified certain response signing certificates. A remote attacker could possibly use this issue to spoof certain response signing certificates. This issue only affected Ubuntu 22.04 LTS.
9f908328ff337686f5d5cffc66667d81dbd3b4ce35629e2bd3050e7444f1fd8bUbuntu Security Notice 5393-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct spoofing attacks, or execute arbitrary code. It was discovered that Thunderbird ignored OpenPGP revocation when importing a revoked key in some circumstances. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message or tricking them into use a revoked key to send an encrypted message.
dfe0d7843af6c686d2aef7aa4091bcfac518f6bb06c09227a82b7e7c49217bbfUbuntu Security Notice 5370-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, execute script unexpectedly, obtain sensitive information, conduct spoofing attacks, or execute arbitrary code. A security issue was discovered with the sourceMapURL feature of devtools. An attacker could potentially exploit this to include local files that should have been inaccessible.
8aee0edbf8cdf371f11c1fa4ab225892863de31ed0f41cef4175d2f0218fdc30Ubuntu Security Notice 5321-3 - USN-5321-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature.
3d7bc90a79a0814602089234f5c04c4d39f5707208f69d54d7ec8df656aa52b2RTLO injection URI spoofing generator for WhatsApp, iMessage, Instagram, and Facebook Messenger.
8add20e505d85dfcd1125eb892d0726f12751ed7cff691329973ac7c8d3c4a25Ubuntu Security Notice 5345-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined behaviour, spoof the browser UI, or execute arbitrary code. It was discovered that extensions of a particular type could auto-update themselves and bypass the prompt that requests permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to bypass security restrictions.
158e67eea2f1566d437c34e7e51105fbd18e6d48a7076eb1db7f2932c00300c5Apple Security Advisory 2022-03-14-2 - watchOS 8.5 addresses buffer overflow, bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
57f50271cc9223aeca9436ea0025dcd1dceafa1ec5f21df823af449a2865e66cUbuntu Security Notice 5321-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature.
e7217b5c453bc51005a77269f4aea90fa1b4d4491b2d065628dcf2a653d6f70eUFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.
4d832c6c90e63867d2ed67773e1e473adf4b36bc86918c68af2360c1e8afac7dRed Hat Security Advisory 2022-0708-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
f83547ba4736bf0787d355efe1d9f8bfeb8c4feba15c83208f06fc61783cd7d3Red Hat Security Advisory 2022-0582-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.
28f434c8a7e0c5a9a457c78e1d0a72539ecb56d9a3673853dd0aa3595f619edaRed Hat Security Advisory 2022-0581-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.
8bd21cf01e10e7a947db8efca057a501595b8383a816b9f497a90e17a13ebc45Red Hat Security Advisory 2022-0544-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
ceb41e93f7a4f1064aec7c5b8bc73d5be2c606f6aff3d1f38923815c8a60f0aaRed Hat Security Advisory 2022-0543-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
dfdba266365e044f1046b80b1a63a79d7490623a6a4906cec8a75fe7353d9087Ubuntu Security Notice 5248-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code.
ee94116ff4e4b3081cc98a796565452f32b9979d45115195dba7be2d4510ee9aUbuntu Security Notice 5246-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or execute arbitrary code.
bb2e4c8ab0377f822fe6dea499ddee9a3c91b266aa305adc3d5390e4e6812690Ubuntu Security Notice 5229-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information across domains, or execute arbitrary code.
38b8f876573318f91fabc911cbd027f8b7a4297bbedd540823dbb6f581a364fcRed Hat Security Advisory 2022-0124-04 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.5.0 ESR. Issues addressed include buffer overflow, bypass, spoofing, and use-after-free vulnerabilities.
4fc2ee9b8efa90a3da52ee95cc7f2493d45c7daa885d6f1bd9936371b4a5b0ee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed