Red Hat Security Advisory 2022-4867-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
8684c1628610a6eac0f276cb213a143f4400fbf8cf1b1d6a404390f1416c96be
Comma devices running Openpilot suffered from an insecure configuration when SSH is enabled: the private key is publicly known. Additional security hardening improvements have been made in recent releases to address other concerns.
97e4a789717fe1480fe02588feff13555897da5c681197fa1c988ec56942dcff
Ubuntu Security Notice 5456-1 - It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact.
c5ee5376271435f7996a5e34a35e688ee4b478589a30df03b3f2372881a59c6e
GtkRadiant version 1.6.6 suffers from a buffer overflow vulnerability.
14f9015f9b6fd0206b68903bbe51b7ceaf2ff6f2d18427ab50c01e183f4465a8
This archive contains all of the 142 exploits added to Packet Storm in May, 2022.
4cfc964188d16d4261475b9022169b0e9e9bdc05c5b81a3d5577f25e0b58d0fc
Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4153e8a485e0234b39752d64b97e73d5006aaa1bf37524710ec5361f026bd819
Red Hat Security Advisory 2022-4863-01 - OpenShift Serverless version 1.22.1 contains a moderate security impact.
dda02360413f1824abefb4a0bce3718b9ecc6ba04a0192343b6453bd7257ab9c
libxml2 is vulnerable to a heap buffer overflow when xmlBufAdd is called on a very large buffer.
2e836bc71a5f639b38695645fac3e6f8cf11af986d63af75240bf0a926a562f1
The BN_mod_sqrt() function in OpenSSL versions 1.0.2, 1.1.1, and 3.0, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
b8c560eda5504347f10dd0a9166545d0f6d2637eb9ca4cc2944f2c46e26d7f2b
Ubuntu Security Notice 5443-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions.
d9db3c4379a58440851b2d6e71caae3d47d27c20b77c8e1811ef18f4fc1efaf6
Ubuntu Security Notice 5451-1 - Ilya Averyanov discovered that an InfluxDB vulnerability allowed attackers to bypass authentication and gain access to any known database user.
98658b65a03cdd73f41af4c537379fbec47478ef02749d914b625cc5c92e8af4
Avantune Genialcloud ProJ version 10 suffers from a cross site scripting vulnerability.
7a0d3b9dfd4b8e8ad8e6da668090859f7b1f76c4079023524c8bc929d6e1982f
Red Hat Security Advisory 2022-4860-01 - The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
4dddff7eb2426ea7c9820f7d68e0203dd4ed7424aba5590da590fc22e21b0df7
Real Player versions 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from a DCP:// URI remote code execution vulnerability.
8a359aeb74dfcb0d2cdf2b2a15aeb57867b10d99cfa4221cac03bafb5f4b59b9
Ubuntu Security Notice 5454-2 - USN-5454-1 fixed several vulnerabilities in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code.
0122140907f14a83c3d9ef275788cda2f2fbd630569ec8538dafa3fc05a95d69
Real Player versions 16.00.282, 16.0.3.51, Cloud 17.0.9.17, and 20.0.7.309 suffer from external::Import() arbitrary file download and directory traversal vulnerabilities that lead to remote code execution.
7a753f92d50706bc1d9f139def6113809aaadcafbfbef5cdd27e58334d230325
The G2 Control component in Real Player version 20.0.8.310 suffers from a remote code execution vulnerability.
2438a58c4359d3d36d6496e285234087a41157c56bb4df448e56f6cbb9ebd664
Ubuntu Security Notice 5442-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.
5632e668ad026b3cc2fecc2e4439dd6df764ced86921dd64641d8fd7bcfcf72c
Red Hat Security Advisory 2022-4845-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.
5a7995f89c7f2522c45709b80793aa2944aa74fb78397f2ac132ef03ab31d4cc