Red Hat Security Advisory 2023-4910-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section. Issues addressed include denial of service, information leakage, integer overflow, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-4909-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section. Issues addressed include denial of service, information leakage, and integer overflow vulnerabilities.
Ubuntu Security Notice 6335-1 - It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code.
Ubuntu Security Notice 6334-1 - Peter Wang discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. Andreas B. Mundt discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. Johannes Krupp discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server and make the server disclose /etc/group data.
Ubuntu Security Notice 6333-1 - Junsung Lee discovered that Thunderbird did not properly validate the text direction override Unicode character in filenames. An attacker could potentially exploit this issue by spoofing the file extension while attaching a file to an email. Max Vlasov discovered that Thunderbird Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of the same-origin policy.
Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
jSQL Injection is a lightweight application used to find database information from a remote server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions such as Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
There is a race between mbind() and VMA-locked page faults in the Linux 6.4 kernel, leading to a use-after-free condition.
NVClient version 5.0 suffers from a stack buffer overflow vulnerability.
CSZ CMS version 1.3.0 suffers from multiple persistent cross site scripting vulnerabilities.
nullcon Goa 2023 will hold a live bug hunting competition with cash prizes. The registration deadline is September 7, 2023. The conference will be held September 22nd through the 24th, 2023.
AdminTLE PiHole versions prior to 5.18 suffer from a broken access control vulnerability.
Ivanti Avalanche versions prior to 6.4.0.0 suffer from a remote code execution vulnerability.
ImpressionTech CMS version 1.4 suffers from a remote SQL injection vulnerability.
Impress CMS version 1.3.9 suffers from an open redirection vulnerability.
ImgHosting version 1.3 suffers from an HTML injection vulnerability.
Humhub version 1.3.13 suffers from a remote shell upload vulnerability.