This Metasploit module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility that can extract an arbitrary file to an arbitrary location on a Linux system (CVE-2015-1197). Most Linux distros have chosen not to fix it. This issue is exploitable on Red Hat-based systems (and other hosts without pax installed) running versions Zimbra Collaboration Suite 9.0.0 Patch 26 and below and Zimbra Collaboration Suite 8.8.15 Patch 33 and below.
ce92bc8cd0b896bbf1bbebcee5677a9a8619813aaba32b6be0cfc98fba18d5b5
Chrome suffers from a heap use-after-free vulnerability in AccountSelectionBubbleView::OnAccountImageFetched.
58250b99dc0491f82cdc58424c569b8f9d2df212310a3407eb9441507e365641
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
933b5a17271ac0f9acfa54c48997d1b9526759fa9bd929c844cca6471dec33ea
There is a vulnerability in Cisco Jabber that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Cisco Jabber client, including XMPP stanzas that are normally sent only by the trusted server.
ed2115ba91caeae4b0245ae0141359b56fa7d27077ea7a8cb6d34c1aa2ad914c
Chrome suffers from a heap buffer overflow vulnerability in offline_items_collection::OfflineContentAggregator::OnItemRemoved.
a12649cc87b93dc4f1206b4520f0269c90067ff6042cf3fbf667a38af1956ab3
Red Hat Security Advisory 2022-7005-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.
9276fb50cbeda8a769bfe86afeaff928dbab2db678d8caffd88e1387b38ba8fb
Red Hat Security Advisory 2022-7003-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.
d0357eef19fbe73d9a63b3789b81f07f0128fa01742f0efcff0a148534cf42a2
Red Hat Security Advisory 2022-7008-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.
362b493b16fffb9175878168a4cec96752df189db56b7b1850b2328cbd584be1
Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.
e2ac89f8c4e605abf041f5c29ac385e5538b6f1616673b475bbfb3e4561712d3
Red Hat Security Advisory 2022-7009-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.
17a6855820a37dbf1b372fb6cbe7d6c310d0d61cedef1518f64960cfe98c61d4
Red Hat Security Advisory 2022-7002-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.
e35c2ec30ff49fcdf2ffa178cb020478b9f020a3acf3bf98a0b54b95792b439f
Red Hat Security Advisory 2022-7056-01 - Red Hat Gluster Storage is a software-only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Issues addressed include an information leakage vulnerability.
cd96952c0c25c20a45986d8b8ba10dcd9addec514c73699e2bc422b736249137
Red Hat Security Advisory 2022-7011-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.
d371461479cf538c027433f6720d499e0a1f42fbf138427d2c5d7606baef72f3
Red Hat Security Advisory 2022-7004-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.
eea5da98f2bc43639a285ba577d85ca96741e9b7f24b4b4b923f8e9d3ade09ae
Red Hat Security Advisory 2022-7010-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.
26a235b42c76e560704e836554ed2edb827a28a50889fdb30e3c5a248ecfa53d
Red Hat Security Advisory 2022-7012-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.
7ddcd79e06b9b9caa29d6c99ee7209ccb1c2bbbc92c878212a408698efd50ac9
Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.
952618897141c2bcf07e60e877ff3c20659f892e7d4f3e17083ce9ccf958ffc0
Red Hat Security Advisory 2022-7001-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.
7d0bdef5160dba0ba6168260c5a0c462fd59fc74c637e91bc948af614f630b44
Red Hat Security Advisory 2022-7000-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include buffer overflow and randomization vulnerabilities.
1eec6e6b0af1da4d64dd9d97581cd69d831f2ad8f47648ebe0c3d83bac2e66c4
Ubuntu Security Notice 5692-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
338493434a5be8c82f48711bc041582c907cf71deac0cac516932ba12962a7c5
Ubuntu Security Notice 5691-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Soenke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
b0d11c2875faf5dc0eba66e1a8fa7047568fc779aa888e03ead6fda5bf33cc46
Ubuntu Security Notice 5693-1 - David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
b188fde6f7ada8ed2d80d51cefde2cc926159548905b92f8f3334d7b98c585e1
Red Hat Security Advisory 2022-7044-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
7e022ca70787cce1eb3e02a0838ebec4d8b3c6738820e4c3f4bc45f39e0bef47
Red Hat Security Advisory 2022-6905-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.50. Issues addressed include a code execution vulnerability.
d445a81a4efdc52988749989d6a49433d48657553db0b5fda73d161d6fae6246
Red Hat Security Advisory 2022-7055-01 - An update is now available for Red Hat Openshift distributed tracing 2.6.0. Issues addressed include denial of service and traversal vulnerabilities.
5fff960e2fde02a4f151b249992ebb605527410d45341b4ecb9b0c5b43db1262