A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files.
9aa5ede2ea03c876775407f0098c013dfd3c503cc4ebb1ee7306284def339699Ubuntu Security Notice 6368-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. It was discovered that Thunderbird did not properly manage memory when handling WebP images. If a user were tricked into opening a malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code.
8d95e0118cdd19372dc4ff5235aa6a52784eef3641630f31f94c81a7e15db254Red Hat Security Advisory 2023-5148-01 - Red Hat Integration Camel for Spring Boot 3.20.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include bypass and denial of service vulnerabilities.
b0954fc421046b904362a64bc1355a62d0f65f3a440cff6f4d97de9a4d265f11Debian Linux Security Advisory 5497-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.
ad3befb7b686c256583e0e50a04e1df3f0429d81b5b6fcaaa703680831a6ed3bUbuntu Security Notice 6367-1 - It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code.
aaf87b74a4a839e647b2f99a873ab024401c6117b83f68855850111b917d2f7dRed Hat Security Advisory 2023-5147-01 - A security update for Camel for Spring Boot 3.18.3.2 is now available. Issues addressed include bypass and denial of service vulnerabilities.
66396fdb7f1a3317d1bdabc7a31a25d0e1214a43a1cc54712ba36d28fdcd5a64Debian Linux Security Advisory 5496-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.
c82c8662b4cb856cef00c651c37f65322490fdda603a29d98b698d651c861107iSmile Soft CMS version 0.3.0 suffers from an add administrator vulnerability.
53c61e2d58e402521ca5973de27e7d6a518d7d159c7b44b1ce701814f8336b33Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
6047c75f9e79a9b0cc6d6c7632024a4126812bc212f52acf5d3c813cc7c9fb0bUbuntu Security Notice 6364-1 - It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
91972b9a30d177eedb72329131d2be05233ba948220bc38cbbe0989077c92a30Ubuntu Security Notice 6366-1 - It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser.
3aafc6d0eb1b6b6af93b8a2e7aa24bd4e2f58041707954910ca902da7600c204Red Hat Security Advisory 2023-5143-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Issues addressed include a denial of service vulnerability.
495f48e531322a5c8a1c04b837bc279b8e05e57eae2389cec33a9eca0d2fd1d0Red Hat Security Advisory 2023-5146-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11. Issues addressed include a denial of service vulnerability.
6c653cd18590bd863de7b041369f8ee0f4d482017e7fbb87aee2193d2bd6ec1fislamnt CMS version 2.1.0 suffers from an add administrator vulnerability.
459140609c3884d950ad9fe4a6639059bcd27b1966c70c69285c3841c6942e9aislamnt CMS version 2.1.0 suffers from a cross site scripting vulnerability.
9da3ffc464d21e2c887d8241061ae3ce06a1c69cd562b4ab23911bc70287d3e0Red Hat Security Advisory 2023-4933-01 - Logging Subsystem 5.7.6 addresses an issues where LokiStack authorization is cached too broadly.
502e6e9888a0dfe72ee4bcd30135f5e4960dfba1e0b041541837e1efb9155bc5Night Club Booking Software version 1.0 suffers from a cross site scripting vulnerability.
dff51d8b253d9631dee285face4809594062abc6803e40cbd31f7c69cd6e0641Red Hat Security Advisory 2023-5142-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Issues addressed include a denial of service vulnerability.
da204f6db67c2d7877509d6e9d2faa3fc0c9d20459713b0c68f815790fe3beb1Ubuntu Security Notice 6365-1 - It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.
d61c866c47b627d6cda3352868ce3be2ce4c34eff8c2ce9f61d4d10445262364Red Hat Security Advisory 2023-5144-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Issues addressed include a denial of service vulnerability.
1b02526e6400583d3514f1555cd490113a1d170eb7fc8fb3f554b604ec518f16ImgHosting version 1.3 suffers from a cross site scripting vulnerability.
8c169afaf39b32fa5c563194367feecff6f19735b337600d64caa7b0f3c6b6a3Red Hat Security Advisory 2023-5145-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11. Issues addressed include a denial of service vulnerability.
6dd409e6285b1cd98e843932933a49a0d974aa0f050231f8813b962c3aef7651
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed