Red Hat Security Advisory 2022-0565-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.55. Issues addressed include a cross site request forgery vulnerability.
a77a27376cdeeede8e164e59332a079d3653b7b5e6c8434a66fd7fd583febb5d
Red Hat Security Advisory 2022-0672-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
75b83c280fe30dd26b2d514ba311d51c918989f7bf0b43fc25fb89e588c8f1f0
This Metasploit module allows remote attackers to execute arbitrary code on Exchange Server 2019 CU10 prior to Security Update 3, Exchange Server 2019 CU11 prior to Security Update 2, Exchange Server 2016 CU21 prior to Security Update 3, and Exchange Server 2016 CU22 prior to Security Update 2. Note that authentication is required to exploit this vulnerability. The specific flaw exists because the deny list for the ChainedSerializationBinder contained a typo: an entry was written as System.Security.ClaimsPrincipal instead of the proper value of System.Security.Claims.ClaimsPrincipal. By leveraging this vulnerability, attackers can bypass the ChainedSerializationBinder's deserialization deny list and execute code as NT AUTHORITY\SYSTEM. Tested against Exchange Server 2019 CU11 SU0 on Windows Server 2019, and Exchange Server 2016 CU22 SU0 on Windows Server 2016.
12eb99965a3f9b7bfde5c2c3d85628bf4f85bbe42475b654e2c35b7e33a8ccaa
Red Hat Security Advisory 2022-0665-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.
30a40458f5e8f2144068d42968899f4d706efe71abb367d0f59cada140c422b5
Bank Management System version 1.0 suffers from a remote SQL injection vulnerability.
bb3fa2ada8dbb10e11f109d1e2eac74158f420d5db6279f49d675faf7e0c1040
Red Hat Security Advisory 2022-0669-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.
d76b5bc5053822e21cf3d8c58b4ea3c6473c57da55a8e22f364e5f62e7fc8f79
Red Hat Security Advisory 2022-0666-01 - The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer. SASL is a method for adding authentication support to connection-based protocols.
95dbedfb31ab478d75fd196d8c96e6aaea3383b38893a87766ecfdae1ea3a8ca
WordPress Photoswipe Masonry Gallery plugin version 1.2.14 suffers from a persistent cross site scripting vulnerability.
15996cc31605f93925a67eef5bab187429b2569dcdbb41553596502d78575f90
Red Hat Security Advisory 2022-0555-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a cross site request forgery vulnerability.
04b518ab641e93f4535bdfd079f2eae5c76ff1632cf6da61dd6e81f2900b8304
Technitium Installer version 4.4 suffers from a DLL hijacking vulnerability.
0e6484ed861f014968126a0f09091025cbefed6941d943a6fd29af9e7f51a890
Red Hat Security Advisory 2022-0668-01 - The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer. SASL is a method for adding authentication support to connection-based protocols.
e0855dbe4f7074b4b32b749a55fc1193ec694d72f7ff294796c487c89cfd5991
Red Hat Security Advisory 2022-0667-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.
dd8e0e821c9152d338037751995124bc5afa10bc5d5f918b752baac6460d2cbf
Dahua ToolBox version 1.010.0000000.0 suffers from a DLL hijacking vulnerability.
13b6d80a27771213e1631636b6d01816a483271a35a812cf8beee915dd96e152
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
14e0915c5ade0f452ed74540b6e34a54e94e728680e3f09293dde36bfc98c6a8
Ubuntu Security Notice 5292-4 - USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary code.
169abf80da0290c7a605e413fa2b7a41d8a2c57ded0ed852147dda380b2de9a5
Red Hat Security Advisory 2022-0663-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.
24dda6271dda80c5868174e0e36df55396478a74dc320200b6051d3e05894fea
Red Hat Security Advisory 2022-0664-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a code execution vulnerability.
9b25509fe631ffce124b1c6daf151996ea9dae6960cdb31b554da6529fc46fb4
Red Hat Security Advisory 2022-0561-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.22.
0e7af326f0f271460b04fc1779109d6262a541fffb8de50ba313da361668f52e
Red Hat Security Advisory 2022-0557-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
2e91b3452fdbc421c55f50de8a4dcf470d0a33611a06ac8632dffe83b77b8e6a
Red Hat Security Advisory 2022-0658-01 - The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer. SASL is a method for adding authentication support to connection-based protocols.
1f899de6f90fec4d374d03cac15ac5ef7c78f7d8a99a66268ae66792e4a631e7
Red Hat Security Advisory 2022-0661-01 - This release of Red Hat Fuse 7.10.1 serves as a replacement for Red Hat Fuse 7.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
f479c300fc79084c051684b2216b5a70471bf4d2ef7a53e18336b4968c31b24c
Simple Mobile Comparison Website version 1.0 suffers from a remote SQL injection vulnerability.
695bf39dcd0d3744026fcb148bfc24bfa5cf5578621d80e3431287638536eca1
VMware Security Advisory 2022-0006 - VMware Workspace ONE Boxer update addresses a persistent cross site scripting vulnerability.
5a32a12f1a08cf58e9548b3c22be85570f889ee77785c88393248b2b7f9be9fb
Wondershare MirrorGo version 2.0.11.346 suffers from an insecure permissions vulnerability.
7c357903c71131608d611e554bd946d3f3f155a0d469502402e051e43742df02
Ubuntu Security Notice 5300-1 - It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.
a3c43189a77d959782469e503170048c773cfe62638b7e5096d7604ac94e195c