Eclipse ThreadX versions prior to 6.4.0 suffers from a missing array size check causing a memory overwrite, missing parameter checks leading to integer wraparound, under allocations, heap buffer overflows, and more.
fe024c1aec7da8d2d51940b04a8a3ca30381ec05224812e3d1fffd2e3661ce4cUbuntu Security Notice 6793-1 - It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. It was discovered that Git incorrectly handled certain cloned repositories. An attacker could possibly use this issue to execute arbitrary code.
6663dccf730f5142c551541e6d40fa74ee358fffac9030c6af11f18cc01bddd8Ubuntu Security Notice 6791-1 - It was discovered that Unbound could take part in a denial of service amplification attack known as DNSBomb. This update introduces certain resource limits to make the impact from Unbound significantly lower.
b6f4100277c1198256eac0747ee033452ff1ec26d329a21f1883c2637a3ec7f9HAWKI version 1.0.0-beta.1 before commit 146967f suffers from cross site scripting, arbitrary file overwrite, and session fixation vulnerabilities.
dfca73f84c2fb3bf8edc1b2f48f75be2dbaaae19ce18c9d800d8ca4a7c98f67aSiemens CP-XXXX Series (CP-2014, CP-2016, CP-2017, CP-2019, CP-5014) expose serial shells on multiple PLCs. A serial interface can be accessed with physical access to the PCB. After connecting to the interface, access to a shell with various debug functions as well as a login prompt is possible. The hardware is no longer produced nor offered to the market.
440f519186700c01806ac2012a5bbe75033e8be274d7314185fa93b11e2ef29bUbuntu Security Notice 6790-1 - It was discovered that amavisd-new incorrectly handled certain MIME email messages with multiple boundary parameters. A remote attacker could possibly use this issue to bypass checks for banned files or malware.
f6bfecdfd490d397dc6037b380e5c626ef468fcc779a334be787377b4eec25f9Ubuntu Security Notice 6789-1 - Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially crafted document, a remote attacker could possibly run arbitrary script.
d3e5b1bd2a39a191a7aebd1d63fd550596fa47d0e63011152637be56aa8bb80bUbuntu Security Notice 6788-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
2ba9114499615625ceec3aef13282d48432167a8d10e47afc3ee65f19e05d3e3Ubuntu Security Notice 6786-1 - It was discovered that Netatalk did not properly protect an SMB and AFP default configuration. A remote attacker could possibly use this issue to execute arbitrary code.
72fad2b781f8ff2082e13d1a516f5bafad0d167afddfbdab03910defffb10881Ubuntu Security Notice 6673-3 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
fae6e3df5e57be08d838136e5bf26a4b931c04ece1afafb337e7383996700614Red Hat Security Advisory 2024-3369-03 - An update is now available for Red Hat OpenShift GitOps v1.10.6 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
8ebdf9fc0993fc577e9846ec2f7d0bdac5e3dcc7fbd90bd50c310f28fd46e00fRed Hat Security Advisory 2024-3368-03 - An update is now available for Red Hat OpenShift GitOps v1.12.3 to address the CVE-2024-31989, Unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
385d3ce943f1c580c9566f115a45f5d0a573823e0194f7a7bf0cf287eb5461b1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed