Red Hat Security Advisory 2022-4867-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
8684c1628610a6eac0f276cb213a143f4400fbf8cf1b1d6a404390f1416c96beComma devices running Openpilot suffered from an insecure configuration when SSH is enabled where the private key is publicly known. Additional security hardening improvements have also been made in recent releases to address other concerns as well.
97e4a789717fe1480fe02588feff13555897da5c681197fa1c988ec56942dcffUbuntu Security Notice 5456-1 - It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact.
c5ee5376271435f7996a5e34a35e688ee4b478589a30df03b3f2372881a59c6eGtkRadiant version 1.6.6 suffers from a buffer overflow vulnerability.
14f9015f9b6fd0206b68903bbe51b7ceaf2ff6f2d18427ab50c01e183f4465a8This archive contains all of the 142 exploits added to Packet Storm in May, 2022.
4cfc964188d16d4261475b9022169b0e9e9bdc05c5b81a3d5577f25e0b58d0fcUbuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4153e8a485e0234b39752d64b97e73d5006aaa1bf37524710ec5361f026bd819Red Hat Security Advisory 2022-4863-01 - OpenShift Serverless version 1.22.1 contains a moderate security impact.
dda02360413f1824abefb4a0bce3718b9ecc6ba04a0192343b6453bd7257ab9clibxml2 is vulnerable to a heap buffer overflow when xmlBufAdd is called on a very large buffer.
2e836bc71a5f639b38695645fac3e6f8cf11af986d63af75240bf0a926a562f1The BN_mod_sqrt() function in OpenSSL versions 1.0.2, 1.1.1, and 3.0, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
b8c560eda5504347f10dd0a9166545d0f6d2637eb9ca4cc2944f2c46e26d7f2bUbuntu Security Notice 5443-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions.
d9db3c4379a58440851b2d6e71caae3d47d27c20b77c8e1811ef18f4fc1efaf6Ubuntu Security Notice 5451-1 - Ilya Averyanov discovered that an InfluxDB vulnerability allowed attackers to bypass authentication and gain access to any known database user.
98658b65a03cdd73f41af4c537379fbec47478ef02749d914b625cc5c92e8af4Avantune Genialcloud ProJ version 10 suffers from a cross site scripting vulnerability.
7a0d3b9dfd4b8e8ad8e6da668090859f7b1f76c4079023524c8bc929d6e1982fRed Hat Security Advisory 2022-4860-01 - The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
4dddff7eb2426ea7c9820f7d68e0203dd4ed7424aba5590da590fc22e21b0df7Real Player versions 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from a DCP:// URI remote code execution vulnerability.
8a359aeb74dfcb0d2cdf2b2a15aeb57867b10d99cfa4221cac03bafb5f4b59b9Ubuntu Security Notice 5454-2 - USN-5454-1 fixed several vulnerabilities in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code.
0122140907f14a83c3d9ef275788cda2f2fbd630569ec8538dafa3fc05a95d69Real Player versions 16.00.282, 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from external::Import() arbitrary file download and directory traversal vulnerabilities that lead to remote code execution.
7a753f92d50706bc1d9f139def6113809aaadcafbfbef5cdd27e58334d230325The G2 Control component in Real Player version 20.0.8.310 suffer from remote code execution vulnerability.
2438a58c4359d3d36d6496e285234087a41157c56bb4df448e56f6cbb9ebd664Ubuntu Security Notice 5442-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained in integer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.
5632e668ad026b3cc2fecc2e4439dd6df764ced86921dd64641d8fd7bcfcf72cRed Hat Security Advisory 2022-4845-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
5a7995f89c7f2522c45709b80793aa2944aa74fb78397f2ac132ef03ab31d4cc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed