Debian Linux Security Advisory 5467-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
9746736e5ad0547769a67aa9e3341df6a9896e510c46325b72fba0be7a4965cdDebian Linux Security Advisory 5466-1 - It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received.
ea9f1572b7d4ca5fa982ffce4713932ead0ecbfd3d51492fad7558417049d4c1The Canon PIXMA TR4550 stores sensitive data, such as the SSID and the Wi-Fi pre-shared key (PSK), unencrypted in its persistent storage (EEPROM). Resetting the product to factory settings does not securely delete this sensitive information. Versions 1.020 and 1.080 are affected.
e18ed4bfb6b147224bfbdafe53ebbbc71e96f5992a0562fc4eba3906334ee60bUbuntu Security Notice 6274-1 - Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery.
19e79cbe903a0246e94a3fa323db69d8e7a0eaca4f93fad7e0207bf2f9ff311dThis Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence these files can be uploaded and executed to achieve remote code execution. In this module, a .phar file with a randomized name is uploaded and executed to receive a Meterpreter session on the target, then deletes itself afterwards.
72859313ffb21cb022d15b4566fe8863b0a0f88f5ef2dff2e8c3eba2e934c2ceA vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.
94d1415f6fe455813346e8f6de25a1fa7b5b88484ea770a8bc9b669e25457a13GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
b6e4e8bac3a950a3a1b7bdb0904979d4ab420a81e74de8636dd50b467d36f5a9Debian Linux Security Advisory 5464-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, spoofing or sandbox bypass.
3069629d3ef5bc6b0d21cfa08fe173ff4a81f30ad88de2fa86b9b678de047138WordPress Adivaha Travel plugin version 2.3 suffers from a cross site scripting vulnerability.
e73caf77468320e4edfd0009aa8a04f4c0e978dc9be0d3890a8d42d41b1c4a0aRed Hat Security Advisory 2023-4475-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.
5a99e222d213dbe2342e0393e6098878ebf40578b53a89010d0aa852634b2e29Ubuntu Security Notice 6273-1 - Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.
badf6cba568a05acbe51df73153826647bc7178fe772457b3982573cf50845a8Debian Linux Security Advisory 5465-1 - Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service.
33b7ca821d6fc6dd2ab809a37b4f1612df724b871bdac89beddd3b918a60c415Red Hat Security Advisory 2023-4471-01 - Red Hat OpenShift Serverless Client kn 1.29.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.29.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. This release includes security and bug fixes, and enhancements.
284f930ef367225816f3bafd712d70efcd7f83333fced0c0efb0b1493ecac730Xlight FTP Server version 3.9.3.6 suffers from a stack buffer overflow vulnerability.
c93c53ba75838e1a8737f505ea9a9ee2eb80967242203b18e7f363133ef1b554Red Hat Security Advisory 2023-4472-01 - Version 1.29.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13. This release includes security and bug fixes, and enhancements.
6279c43e2e64c3223f9a641285d7c47b27f5e06abc997f2a8678863ea219e43eUbuntu Security Notice 5064-3 - USN-5064-1 fixed a vulnerability in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.
848d27ec0229bbed482d72d1c434ad927ab11faebfa5356ff55ec79046e7f471WordPress EventON Calendar plugin version 4.4 suffers from an insecure direct object reference vulnerability.
fb2bcd929980474ea78a4c3aef30b7f6cf18d2e0e345c56fb0eaf2f8dbd00157WordPress Ninja Forms plugin version 3.6.25 suffers from a cross site scripting vulnerability.
2f5172bba94c67423895b9834718d894cb792397b17c96031ba1295f5a262551Ubuntu Security Notice 6275-1 - Addison Crump discovered that Cargo incorrectly set file permissions on UNIX-like systems when extracting crate archives. If the crate would contain files writable by any user, a local attacker could possibly use this issue to execute code as another user.
f2966c79576ad4d4b94a6d3844273a23c1a3674ca05ab3e471da58790232a5aaCOURIER DEPRIXA version 2.5 suffers from a cross site request forgery vulnerability.
057025def7e831a2032ce61d12d854618ff7bb979f4a1cf9889728a45e82d30eWebedition CMS version 2.9.8.8 suffers from a persistent cross site scripting vulnerability.
473683b302116f34c4110e38ba573093cfa43c5d3305886f1b74ea71622b0a90Webedition CMS version 2.9.8.8 suffers from a remote code execution vulnerability.
d97ddb9da17cdbd3bdce2deb167b5d2950190a32a5e3b3b47d26690bb5828528Webutler version 3.2 suffers from a remote shell upload vulnerability.
22d02e75820e61be78b6ffc04f11672c3e6212206e9a28a62c1a26954c521f0aRed Hat Security Advisory 2023-4461-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.14.0 ESR. Issues addressed include buffer overflow and bypass vulnerabilities.
ddb2a0756d62f711c911cd8c4b53ad7d0583595b1b5733ac92ad7e20029e2119Ubuntu Security Notice 6272-1 - Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service.
ef29c04ae8e50638fee3aa1910c46999d0da17350681fbef567a0f2c8a994549
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed