Debian Security Advisory 5260-1

Debian Linux Security Advisory 5260-1 - Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, used exec() on input passed to the server component.

Red Hat Security Advisory 2022-7077-01

Red Hat Security Advisory 2022-7077-01 - Updated CVE security packages are now available for Red Hat Certificate System 9.7.

Debian Security Advisory 5257-2

Debian Linux Security Advisory 5257-2 - The security update announced as DSA 5257-1 caused regressions on certain systems using the amdgpu driver. Updated packages are now available to correct this issue.

Red Hat Security Advisory 2022-7070-01

Red Hat Security Advisory 2022-7070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5695-1

Ubuntu Security Notice 5695-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-7069-01

Red Hat Security Advisory 2022-7069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7071-01

Red Hat Security Advisory 2022-7071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7051-01

Red Hat Security Advisory 2022-7051-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7007-01

Red Hat Security Advisory 2022-7007-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7050-01

Red Hat Security Advisory 2022-7050-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7072-01

Red Hat Security Advisory 2022-7072-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7066-01

Red Hat Security Advisory 2022-7066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7068-01

Red Hat Security Advisory 2022-7068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-5694-1

Ubuntu Security Notice 5694-1 - It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. Thomas Florian discovered that LibreOffice incorrectly handled crashes when an encrypted document is open. If the document is recovered upon restarting LibreOffice, subsequent saves of the document were unencrypted. This issue only affected Ubuntu 18.04 LTS.

Red Hat Security Advisory 2022-6999-01

Red Hat Security Advisory 2022-6999-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7049-01

Red Hat Security Advisory 2022-7049-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a randomization vulnerability.

OpenStack Horizon Missing Validation

OpenStack Horizon fails to validate the token provided during a SAML request allowing an attacker to forge a REFERER for redirection.

Red Hat Security Advisory 2022-7053-01

Red Hat Security Advisory 2022-7053-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7054-01

Red Hat Security Advisory 2022-7054-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7052-01

Red Hat Security Advisory 2022-7052-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7013-01

Red Hat Security Advisory 2022-7013-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2311

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2311

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site Scripting...

RRX IOB LP v1.0 - DNS Cache Snooping Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
RRX IOB LP v1.0 - DNS Cache Snooping Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2261

Article:https://www.vulnerability-db.com/?q=articles/2022/10/11/rhein-ruhr-express-rrx-dns-cache-snooping-vulnerability-wifi-hotspot

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2261

Common...

WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2322

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2322

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site...

Stripe Green Downloads 2.03 - Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Stripe Green Downloads 2.03 - Cross Site Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2287

Release Date:
=============
2022-10-17

Vulnerability Laboratory ID (VL-ID):
====================================
2287

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================
Cross Site...

MapTool v1.11.5 - Cross Site Scripting Vulnerabilities

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 - Cross Site Scripting Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2319

Release Date:
=============
2022-10-11

Vulnerability Laboratory ID (VL-ID):
====================================
2319

Common Vulnerability Scoring System:
====================================
5.6

Vulnerability Class:
====================
Cross Site Scripting...

Webile v1.0.1 - Directory Traversal Web Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Webile v1.0.1 - Directory Traversal Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2320

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2320

Common Vulnerability Scoring System:
====================================
7.3

Vulnerability Class:
====================
Directory- or...

MapTool v1.11.5 - Denial of Service Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
MapTool v1.11.5 - Denial of Service Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2318

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2318

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Denial of Service...

Knap (APL) v3.1.3 - Persistent Cross Site Vulnerability

Posted by info () vulnerability-lab com on Oct 20

Document Title:
===============
Knap (APL) v3.1.3 - Persistent Cross Site Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2307

Release Date:
=============
2022-10-10

Vulnerability Laboratory ID (VL-ID):
====================================
2307

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
Cross Site...

Backdoor.Win32.Redkod.d / Weak Hardcoded Credentials

Posted by malvuln on Oct 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Redkod.d
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 4820. Authentication is
required, however the password "redkod" is weak and hardcoded in cleartext
within the PE...

OpenStack Horizon, it is posible to trigger a POST Request to any address

Posted by Sven Anders on Oct 20

Hi,

we opened a bug at OpenStack, 3 month ago, but nobody takes care about it. Due
to the OpenStack guidlines the bug report is now public readable.

https://bugs.launchpad.net/horizon/+bug/1980349

I am not a security expert and do not know how bad this bug is, there is now
CVE and so on. Please be kind.

# Description of the bug

We use OpenStack horizon in the following version: `git+https://opendev.org/...

Red Hat Security Advisory 2022-7003-01

Red Hat Security Advisory 2022-7003-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7008-01

Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.

Red Hat Security Advisory 2022-7005-01

Red Hat Security Advisory 2022-7005-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Red Hat Security Advisory 2022-7006-01

Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

Debian Security Advisory 5258-1

Debian Linux Security Advisory 5258-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in exposure of sensitive information in the cache manager (CVE-2022-41317), or denial of service or information disclosure if Squid is configured to negotiate authentication with the SSPI and SMB authentication helpers (CVE-2022-41318).

Ubuntu Security Notice USN-5688-1

Ubuntu Security Notice 5688-1 - It was discovered that an integer overflow could be triggered in Libksba when decoding certain data. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2022-7024-01

Red Hat Security Advisory 2022-7024-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7020-01

Red Hat Security Advisory 2022-7020-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7019-01

Red Hat Security Advisory 2022-7019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7023-01

Red Hat Security Advisory 2022-7023-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Debian Security Advisory 5257-1

Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Red Hat Security Advisory 2022-7021-01

Red Hat Security Advisory 2022-7021-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5687-1

Ubuntu Security Notice 5687-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-7022-01

Red Hat Security Advisory 2022-7022-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7025-01

Red Hat Security Advisory 2022-7025-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-7026-01

Red Hat Security Advisory 2022-7026-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5686-1

Ubuntu Security Notice 5686-1 - Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution.

Red Hat Security Advisory 2022-6997-01

Red Hat Security Advisory 2022-6997-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6998-01

Red Hat Security Advisory 2022-6998-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-5685-1

Ubuntu Security Notice 5685-1 - It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. It was discovered that FRR incorrectly handled processing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service, obtain sensitive information, or execute arbitrary code.

Red Hat Security Advisory 2022-6996-01

Red Hat Security Advisory 2022-6996-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6983-01

Red Hat Security Advisory 2022-6983-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6985-01

Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2022-6991-01

Red Hat Security Advisory 2022-6991-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6995-01

Red Hat Security Advisory 2022-6995-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-6963-01

Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

Ubuntu Security Notice USN-5684-1

Ubuntu Security Notice 5684-1 - It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2022-6978-01

Red Hat Security Advisory 2022-6978-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-6914-01

Red Hat Security Advisory 2022-6914-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30.