Red Hat Security Advisory 2022-4721-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.
f9883ad9e6150312c7d527e96bb91bb7ce44824d08863a8198dceed0db83ab06
Ubuntu Security Notice 5439-1 - Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or stop responding, resulting in a denial of service.
1ba0fe6423f2322fb60ea715427b119088fa6ff3ecaa64132a2f82d29d96f2c1
Ubuntu Security Notice 5440-1 - Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser.
afb7ac8dfa18021533dd1fe40974a4cd36cb7516b0d83f7e79b332743aa4ed7d
Ubuntu Security Notice 5438-1 - It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code.
542453ced915ebb7602fcd08f1d0bbe3e3d2bc6543e84431afac96174abfa1a1
Ubuntu Security Notice 5437-1 - Tobias Stoeckmann discovered that libXfixes incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
28b2613b268b5b81a61688ca5923bfc41d7ddbec6de35cfcc7df9010f9b66488
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
525f2ad3267f130b81296b3dd24102fdcf2adf098d54272da4e1be4abd87df04
Ubuntu Security Notice 5436-1 - Tobias Stoeckmann discovered that libXrender incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
a68c328472176a9f2ce8d1148dfe8b7097f7b70356d0bf7472a3922ab24f6102
Online Fire Reporting System version 1.0 suffers from a remote SQL injection vulnerability.
b1c3fcc5f6290ffd9b90335d1c772770c479498cbb069b16a94b8cc5ac381565
Red Hat Security Advisory 2022-4717-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
2702dee3e48d7005b19141b7d3fdd594630111f42423104e4165fc167a60f8c0
Ubuntu Security Notice 5434-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.
237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affe
Ubuntu Security Notice 5435-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.
237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affe
Deliverance is a file descriptor fuzzer written in bash. It injects random data into file descriptors of pids associated with a process until the program crashes, then outputs the results of what caused the crash. It leaves behind files that were used as input for the last 2 minutes before the fault, useful for reproduction.
b2d5c61d25c3596775232700731b3c52f39be5ff2131841bfe8f930ed516e6e3
Red Hat Security Advisory 2022-4722-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
6b4f58a2af0980c8b72c69fb6b72f48a811e77f61b19f7175bd3f6c8cac99b00
Ubuntu Security Notice 5434-1 - It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context.
5c1a6337e78a42d03169f0ba88e8c5ab3edef10a831fc2af55998839be62848f
Ubuntu Security Notice 5433-1 - It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges.
8b8300d57f240b901a3f654950e0c539f204e144869f668c8135608a5cde9f4f
Red Hat Security Advisory 2022-4699-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.
3398978f8c32415ee9443ab2197b63a37808ca5ed5f997fae73573d5b75dff6d
CLink Office version 2.0 anti-spam management console suffers from a remote SQL injection vulnerability.
9676058a709b31daa10982fa1a10ec1523f7cda27a0244b0cd46de826a9d9647
This is a small tool written to help decrypt encrypted TP-Link backups.
6dfd1b159b4562812a1078e17fd4ac9732d0d63aa702172f555e54c1cfb902a8
This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over the XMPP protocol. The initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between the XML parsers on Zoom's client and server in order to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting and modifying client update requests and responses, the attacker causes the victim client to download and execute a malicious update, resulting in arbitrary code execution. A client downgrade attack is used to bypass the signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit; however, some or all parts of the chain are likely applicable to other platforms.
c5835f3651ef4f351fdd27038787c6bd633712398f3562132cf3224e2a0a5e16