Ubuntu Security Notice 5374-1 - It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information.
Red Hat Security Advisory 2022-1306-01 - A security update to Red Hat Integration Camel Extensions for Quarkus 2.2.1 is now available. Issues addressed include a remote code execution vulnerability.
The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction() function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability to plant a malicious DLL in a system directory and then trigger a UAC prompt to cause this DLL to be loaded and executed by ProfSrv as the NT AUTHORITY\SYSTEM user. Note that this bug was originally identified as CVE-2021-34484 and was subsequently patched a second time as CVE-2022-21919; however, both patches were found to be insufficient. This bug is a patch bypass for CVE-2022-21919 and, at the time of publishing, has not yet been patched, though plans are in place to patch it as CVE-2022-26904.
Ubuntu Security Notice 5373-2 - USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack.
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
Red Hat Security Advisory 2022-1305-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
This is a small document that provides a cheat sheet for use of Ansible during penetration testing and red teaming activities.
Ubuntu Security Notice 5373-1 - It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack. It was discovered that Django incorrectly handled certain option names in the QuerySet.explain method. A remote attacker could possibly use this issue to perform an SQL injection attack. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10.
Red Hat Security Advisory 2022-1301-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
Razer Sila versions 2.0.441_api through 2.0.418 suffer from a command injection vulnerability.
Razer Sila versions 2.0.441_api through 2.0.418 suffer from a local file inclusion vulnerability.
Red Hat Security Advisory 2022-1303-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-1302-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
WordPress Anti-Malware Security and Brute-Force Firewall plugin versions prior to 4.20.96 suffer from a cross site scripting vulnerability.
WordPress LayerSlider versions prior to 7.1.2 suffer from a persistent cross site scripting vulnerability.
Ubuntu Security Notice 5331-2 - USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-1296-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2022-1297-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
Telesquare TLR-2855KS6 suffers from an arbitrary file deletion vulnerability.
Telesquare TLR-2855KS6 suffers from an arbitrary file creation vulnerability.
Red Hat Security Advisory 2022-1299-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. Issues addressed include code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2022-1291-01 - Red Hat OpenShift Serverless Client kn 1.21.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.
Franklin Fueling Systems Colibri Controller Module version 1.8.19.8580 suffers from a local file inclusion vulnerability.
SAM SUNNY TRIPOWER version 5.0 suffers from an insecure direct object reference vulnerability.
Red Hat Security Advisory 2022-1162-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.8.