This archive contains all of the 92 exploits added to Packet Storm in June, 2022.
31e00bfbb5593a7d72fc5ec743f63f47efd91e3ec97fcfd2e215072bd2bc27d2
Carel pCOWeb HVAC BACnet Gateway version 2.1.0 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the file GET parameter to the logdownload.cgi bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
6080b06695bafffc697537b01af1fe9b2c39e6c9237b59563f645f36adbc81cb
Several PHP compatibility libraries contain a potential remote code execution flaw in their json_decode() function, introduced by copying and pasting existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more.
15c734bb46c83c88ca1f44b832953d3f324999fb6a6e5fa2aaf519830ded1198
BigBlueButton versions 2.3, prior to 2.4.8, and prior to 2.5.0 suffer from a persistent cross site scripting vulnerability.
c68ede95337b08934eceb60e7e3ded22f6717375681d84eac96231f4c47ee8b1
The Call For Papers has been announced for the Workshop on CPS and IoT Security and Privacy (CPSIoTSec 2022). It will be held in Los Angeles, CA, USA on November 7th through the 11th, 2022.
210cc314daa5b40530b4eb6824f2e2f763e9b2b7e7db997ee26df88975e8880b
The call for papers for Hardwear.io NL 2022 is now open. It will take place October 27th through the 28th, 2021 in the Netherlands.
2297c70faeb7fd538fb02f2327a806bcbe1a2e1e9ae61e3f2ae62b36eb68bfd2
Red Hat Security Advisory 2022-5483-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
ce70c2647076c3e2e1ce8691bcc4d5a053b71f02fc338cb8e6f439843c00f8bc
Red Hat Security Advisory 2022-5481-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.11 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
7caf7e3868553b1722bc5e3c4e3bb6a6ebb800f956c629288b0040dd219a84a4
Red Hat Security Advisory 2022-5245-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include bypass and password leak vulnerabilities.
26b21b9a48461a54adcdb1040ed8768743f785be74ea237cbfd0790432ea8359
Red Hat Security Advisory 2022-5475-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
162e47918737bf2b9a3d20dc8ed77ffab33bb1a27c81ce64cb1b4032a81be4e5
Red Hat Security Advisory 2022-5257-01 - libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Issues addressed include format string and privilege escalation vulnerabilities.
5f14b8b6a643a54634672b9000eb4cd92b506b12fe7ece0f9485efe0c444be88
Red Hat Security Advisory 2022-5439-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow, privilege escalation, and use-after-free vulnerabilities.
3db4a9a3eaef4ae44ffe0e4b1baeea0aa294da5f2930bbfe0457203563dd5c83
Red Hat Security Advisory 2022-5249-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.
39941dd8b9ab6d237ebb34325a101a531c4026515a0315d722619a2c1ec84cff
Red Hat Security Advisory 2022-5251-01 - The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Issues addressed include an out of bounds read vulnerability.
7f82598fb861b54efea0b9faf6de8baf9b04240de2e408afbe72628bf8b9ec0e
Red Hat Security Advisory 2022-5244-01 - Expat is a C library for parsing XML documents. Issues addressed include an integer overflow vulnerability.
967d45b90ae2aa8dff55d712fefe60ba5d0259307e080234d1ce761da9956cbd
Red Hat Security Advisory 2022-5479-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.11 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
68fcffc884b271b340a45952c80d0760fda5905d764590790b6c7860bdb909f0
Red Hat Security Advisory 2022-5476-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, privilege escalation, and use-after-free vulnerabilities.
6ee33a81ccb7adc6d430f5454bb1faecc13229f4ff5fb2ac6ea006cea6c7e26f
Red Hat Security Advisory 2022-5263-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a memory leak vulnerability.
ce7aed4ed0ea33c923529fdfa1a6fb01737682e6427b6b785ab68545d12095b9
Red Hat Security Advisory 2022-5482-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
b6ed99db20fcdc8939101b87827d15c065ccaee40b0ab1067c24b0b4d0f466ab
Red Hat Security Advisory 2022-5242-01 - Vim is an updated and improved version of the vi editor. Issues addressed include buffer over-read, buffer overflow, and use-after-free vulnerabilities.
7f54bbeaba225ab3573d888abe910358d13c726e9adc4f49603d93d5f2885a15
Red Hat Security Advisory 2022-5474-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.11 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
1adbfc53af90a34a494fa6d1eccfb30462495758efbe0bee1be05ea61ad29a3f
Red Hat Security Advisory 2022-5480-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.11. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
02568651ed7b85a5720326972435216ec064f0a173e64c15dae8365d70033f1f
Red Hat Security Advisory 2022-5250-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include integer overflow and out of bounds write vulnerabilities.
c78b08f501a4068ea87736af84676bf1f75085ae5bb8ef01846c271abbe738bf
Red Hat Security Advisory 2022-5252-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include an out of bounds read vulnerability.
da8355efec72e9121638397ab44a9e235dea55861707e1bd3c7799b9f7a429b5
Ubuntu Security Notice 5499-1 - Florian Kohnhäuser discovered that curl incorrectly handled returning a TLS server’s certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack.
579ac0d4fbdd6b3c4bbc8ad5e07aa9f74a39a82dc0fe5bff37ac34f9fa633de5