September 27, 2022—KB5019311 (OS Build 22621.525) Out-of-band

September 27, 2022—KB5019311 OS Build 22621.525 Out-of-band For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. Note Follow @WindowsUpdate to find out when new content is published to the Windows release health...

Service-Update-0.40-for-Microsoft-Dynamics CRM ( on-premises)-9.0

Service-Update-0.40-for-Microsoft-Dynamics CRM on-premises-9.0 Dynamics 365 Introduction Service Update 9.0.40 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.40. More information Update package|...

GHSA-8WM5-8H9C-47PC Apache Hadoop argument injection vulnerability

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

CVE-2022-25168

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

Fedora: Security Advisory for golang-x-text (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-gosexy-gettext-0.9-8.fc36

Go bindings for GNU gettext, an internationalization and localization library for writing multilingual systems...

Fedora: Security Advisory for golang-github-gosexy-gettext (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 35 Update: golang-github-gosexy-gettext-0.9-7.fc35

Go bindings for GNU gettext, an internationalization and localization library for writing multilingual systems...

Fedora: Security Advisory for golang-x-text (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-x-text (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-x-text-0.3.7-2.fc36

Text is a repository of text-related packages related to internationalization i18n and localization l10n, such as character encodings, text transformations, and locale-specific text handling...

Malicious code in @epic-mw/localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a02d41f96074f4eb8d18299277cd8de53b91d344bc012f910e70d55b75f60335 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1827 Malicious code in carbon-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a0b88b3ad7aaf575333d90fce017445adc4d400a5bf1c7bd2ca3078d3e4dad0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in carbon-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a0b88b3ad7aaf575333d90fce017445adc4d400a5bf1c7bd2ca3078d3e4dad0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Improper Link Resolution Before File Access in Apache Hadoop

The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during...

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...

Mozilla: Use-after-free in DocumentL10n::TranslateDocument

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel="localization," a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to...