Ubuntu Security Notice 7017-1 - Iggy Frankovic discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.
5de28707d33411664b92640aa20a05b15c3f1883532c98f677b861e05322fb02Ubuntu Security Notice 7016-1 - Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
c16b067412f887ca443d01cd624f103aea4a4b7ba0c3c6ee59cf33092e6de7a9Membership Management System version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6a15cdedf00f0b752cebff83c346b7c042814e903684ee4884b3896ad044391bHYSCALE System version 1.9 suffers from add administrator and cross site request forgery vulnerabilities.
be1be6516ccdabbe67428de5ef0e49fca374004dda69f00f5fe8c675baa3d990Furniture Master version 2 suffers from a remote SQL injection vulnerability.
de62e37b3de6cb06ff4294692fa90d5dbfd158a0153c79993900f1fcc28b6789Food Ordering and Table Reservation System for Restaurants version 1.0 suffers from an ignored default credential vulnerability.
bc2fab72834ac56fe6948d05d57dea4c287fd8500fe999daf8cd8d910200f7a3Beauty Parlour and Saloon Management System version 1.1 suffers from an ignored default credential vulnerability.
d6660c1c6980ef3268d1a22cf2f264a4cca0ec4b56c1477c7fef4007d4b6424aCVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes specifically when the kernel copies the _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION of the current token object to user mode. When the kernel performs the copy of the SecurityAttributesList, it sets up the list of the SecurityAttributes structure directly to the user supplied pointed. It then calls RtlCopyUnicodeString and AuthzBasepCopyoutInternalSecurityAttributeValues to copy out the names and values of the SecurityAttribute leading to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.
a4e521839032a10c16e91b79eb43b6f9620dcc27482be434b0d2b62d5ac92e66This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default. The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.
6e09b750ae1a9a0b2b8f3c6e3aa95c6c27115a13bd3431b2f9fa3155e9f1d346GibbonEdu Core version 26.0.00 suffers from a cross site scripting vulnerability that can lead to privilege escalation.
55a116c03d9b7b070c43d09aaf32571f24950ed2afe7ec231624d9fb0a220996TP-Link Archer AX50 router with firmware version 1.0.11 build 2022052 suffers from a persistent cross site scripting vulnerability.
25ff26ec2bb983142b60be6c6850961636a672ee8e4a79e14449322abbb2d5ccHTMLy version 2.9.9 suffers from a persistent cross site scripting vulnerability that can lead to account takeover.
6bb08fb3fda4692b34b179dbafc8e6a3f67eca89052852c0d0f06bb6f11cdaa8Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not restrict input for parameters, so both container and parameters for the dockerInspect command were vulnerable to shell command injection on the container as the abc user with (limited) command output. See commits 23df366 and c091e4c for fixes.
4dc88e4bbab7011783c0ecfab89efa0414dbb5928fb33b19bb6580f2eaabe3c2Ubuntu Security Notice 7001-2 - USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
e8e28f2f9097ce08c9631f1af9eb47b3fb56c0e9466585153477ebbeb1f2ce61Apple Security Advisory 09-16-2024-10 - macOS Ventura 13.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, and spoofing vulnerabilities.
83bec15ab00978bb0f11e5f9e97e565cb578510b79514deba529887e8947a015This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7dRed Hat Security Advisory 2024-6726-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.
8da1af33ccd27fdce30013232ee0f14bc2b96116f470eac2a05cf2734e08afbeApple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.
8c7c598c2151ce639d355f21defbebd09be8b2089b0d7ca88eaa2eab7d02cc0aUbuntu Security Notice 7011-2 - USN-7011-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
8eab588cda40b015f2993c6befd64881bea3df23eba9fc2f37d8135f1ca86eb5Red Hat Security Advisory 2024-6723-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
a8c871abfcdf00df34c3a055130cd59682a642cba44f2eef56e53f98b415d5c2Red Hat Security Advisory 2024-6722-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
bc990a117e524d785b33bafdfa035a954c557ee4cc0585dd70b456feb3b70148Red Hat Security Advisory 2024-6721-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
3b884d8963ac1b4827a95580bdbd6a3af1fa012cb4d849a2d15cdf9cc5091c28Ubuntu Security Notice 7015-1 - It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service.
0224b04ebdd855ff165cab147873523db9bc82d1b5c8fdecef438adbabb325b4Ubuntu Security Notice 7010-1 - Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
c9f04b5ecfe6737ab3cb550780a5ecb52fe8dfc68f3c8b7ca996331ca6ac4f3fApple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.
4993b0fd28e2f9894d9a7a6b11b76fd5ab68a695255e84e47ffc88d2865ddeaf
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed