FreshRSS

๐Ÿ”’
โŒ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
Before yesterdayVulnerabilities

Red Hat Security Advisory 2022-9071-01

Red Hat Security Advisory 2022-9071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9078-01

Red Hat Security Advisory 2022-9078-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9080-01

Red Hat Security Advisory 2022-9080-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9081-01

Red Hat Security Advisory 2022-9081-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-8893-01

Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.

Red Hat Security Advisory 2022-9079-01

Red Hat Security Advisory 2022-9079-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9072-01

Red Hat Security Advisory 2022-9072-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9065-01

Red Hat Security Advisory 2022-9065-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9069-01

Red Hat Security Advisory 2022-9069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9077-01

Red Hat Security Advisory 2022-9077-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9067-01

Red Hat Security Advisory 2022-9067-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9058-01

Red Hat Security Advisory 2022-9058-01 - Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Issues addressed include code execution and deserialization vulnerabilities.

Red Hat Security Advisory 2022-9032-01

Red Hat Security Advisory 2022-9032-01 - This release of Red Hat build of Eclipse Vert.x 4.3.4 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and deserialization vulnerabilities.

Ubuntu Security Notice USN-5782-1

Ubuntu Security Notice 5782-1 - It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script.

Red Hat Security Advisory 2022-9047-01

Red Hat Security Advisory 2022-9047-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Red Hat Security Advisory 2022-9040-01

Red Hat Security Advisory 2022-9040-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Issues addressed include bypass and denial of service vulnerabilities.

Ubuntu Security Notice USN-5781-1

Ubuntu Security Notice 5781-1 - It was discovered that Emacs did not properly manage certain inputs. An attacker could possibly use this issue to execute arbitrary commands.

Debian Security Advisory 5301-1

Debian Linux Security Advisory 5301-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.

Ubuntu Security Notice USN-5780-1

Ubuntu Security Notice 5780-1 - It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this cause a denial of service.

Ubuntu Security Notice USN-5779-1

Ubuntu Security Notice 5779-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2022-8761-01

Red Hat Security Advisory 2022-8761-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security, bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2022-9023-01

Red Hat Security Advisory 2022-9023-01 - This release of Red Hat build of Quarkus 2.13.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2022-9029-01

Red Hat Security Advisory 2022-9029-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Issues addressed include an integer overflow vulnerability.

Ubuntu Security Notice USN-5778-1

Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Red Hat Security Advisory 2022-8980-01

Red Hat Security Advisory 2022-8980-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-8989-01

Red Hat Security Advisory 2022-8989-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2022-8978-01

Red Hat Security Advisory 2022-8978-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2022-8979-01

Red Hat Security Advisory 2022-8979-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-8977-01

Red Hat Security Advisory 2022-8977-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Red Hat Security Advisory 2022-8973-01

Red Hat Security Advisory 2022-8973-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, code execution, memory leak, out of bounds write, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-8976-01

Red Hat Security Advisory 2022-8976-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5777-1

Ubuntu Security Notice 5777-1 - It was discovered that Pillow incorrectly handled the deletion of temporary files when using a temporary directory that contains spaces. An attacker could possibly use this issue to delete arbitrary files. This issue only affected Ubuntu 20.04 LTS. It was discovered that Pillow incorrectly handled the decompression of highly compressed GIF data. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service.

Red Hat Security Advisory 2022-8974-01

Red Hat Security Advisory 2022-8974-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, code execution, out of bounds write, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-8971-01

Red Hat Security Advisory 2022-8971-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0) / Insecure Proprietary Password Encryption

Posted by malvuln on Dec 13

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/618f28253d1268132a9f10819a6947f2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Trojan-Dropper.Win32.Decay.dxv (CyberGate v1.00.0)
Vulnerability: Insecure Proprietary Password Encryption
Family: CyberGate
Type: PE32
MD5: 618f28253d1268132a9f10819a6947f2
Vuln ID:...

Re: CyberDanube Security Research 20221009-0 | Authenticated Command Injection in Intelbras WiFiber 120AC inMesh

Posted by Thomas Weber on Dec 13

CyberDanube Security Research 20221009-0
-------------------------------------------------------------------------------

ย ย ย ย ย ย ย ย ย ย ย ย ย ย  title| Authenticated Command Injection
ย ย ย ย ย ย ย ย ย ย ย ย  product| Intelbras WiFiber 120AC inMesh
ย  vulnerable version| 1.1-220216
ย ย ย ย ย ย  fixed version| 1-1-220826
ย ย ย ย ย ย ย ย ย  CVE number| CVE-2022-40005
ย ย ย ย ย ย ย ย ย ย ย ย ย  impact| High
ย ย ย ย ย ย ย ย ย ย ย ...

SEC Consult SA-20221213-0 :: Privilege Escalation Vulnerabilities (UNIX Insecure File Handling) in SAP Host Agent (saposcol)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 13

SEC Consult Vulnerability Lab Security Advisory < 20221213-0 >
=======================================================================
title: Privilege Escalation Vulnerabilities (UNIX Insecure File
Handling)
product: SAPยฎ Host Agent (saposcol)
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3159736
CVE...

Vulnerabilities Disclosure - Shoplazza Stored XSS

Posted by Andrey Stoykov on Dec 13

# Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting
# Exploit Author: Andrey Stoykov
# Software Link: https://github.com/Shoplazza/LifeStyle
# Version: 1.1
# Tested on: Ubuntu 20.04

Stored XSS #1:

To reproduce do the following:

1. Login as normal user account
2. Browse "Blog Posts" -> "Manage Blogs" -> "Add Blog Post"
3. Select "Title" and enter payload...

Red Hat Security Advisory 2022-8941-01

Red Hat Security Advisory 2022-8941-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2022-8958-01

Red Hat Security Advisory 2022-8958-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

Red Hat Security Advisory 2022-8961-01

Red Hat Security Advisory 2022-8961-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-8959-01

Red Hat Security Advisory 2022-8959-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

Red Hat Security Advisory 2022-8965-01

Red Hat Security Advisory 2022-8965-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-8940-01

Red Hat Security Advisory 2022-8940-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2022-8963-01

Red Hat Security Advisory 2022-8963-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-8964-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-8957-01

Red Hat Security Advisory 2022-8957-01 - This release of Red Hat build of Quarkus 2.7.6.SP3 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a deserialization vulnerability.

Red Hat Security Advisory 2022-8962-01

Red Hat Security Advisory 2022-8962-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

Ubuntu Security Notice USN-5776-1

Ubuntu Security Notice 5776-1 - It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. It was discovered that containerd incorrectly set up inheritable file capabilities. An attacker could possibly use this issue to escalate privileges inside a container. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Red Hat Security Advisory 2022-8938-01

Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.

Ubuntu Security Notice USN-5775-1

Ubuntu Security Notice 5775-1 - It was discovered that Vim uses freed memory in recursive substitution of specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. It was discovered that Vim makes illegal memory calls when patterns start with an illegal byte. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. It was discovered that Vim could be made to crash when parsing invalid line numbers. An attacker could possibly use this to crash Vim and cause denial of service.

Red Hat Security Advisory 2022-8915-01

Red Hat Security Advisory 2022-8915-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Red Hat Security Advisory 2022-8932-01

Red Hat Security Advisory 2022-8932-01 - Red Hat OpenShift Serverless Client kn 1.26.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.26.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

Debian Security Advisory 5300-1

Debian Linux Security Advisory 5300-1 - Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code.

Ubuntu Security Notice USN-5774-1

Ubuntu Security Notice 5774-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2022-8917-01

Red Hat Security Advisory 2022-8917-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-8913-01

Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-5773-1

Ubuntu Security Notice 5773-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5754-2

Ubuntu Security Notice 5754-2 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5756-3

Ubuntu Security Notice 5756-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service.
โŒ