CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability within the view of a returned command being executed on an agent.
f57ebc1eae72783c36ac9e3df7805d9879e3d1ced0b8232ea872b32518252dceUbuntu Security Notice 6780-1 - Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.
bbb048cf814f6806a645c6dc9c2a5fdd98efe4048d43ea84e67590f8f5bad561Ubuntu Security Notice 6781-1 - Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated input from a file into a string-type "eval". An attacker could craft a malicious file to achieve arbitrary code execution.
cbbc9336f0ab4f5ad4b0da404d1fa2f58da1f00404c2dbea318ee4148ecf03b9Joomla versions 4.2.8 and below remote unauthenticated information disclosure exploit.
626134242ae4ae7b4c28853f3d05cf44659ed92ca2ceb96b914b80675d522cdcUbuntu Security Notice 6779-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
4d7400f325f71baca26df6b20cae1eea1678bfef4723ae53fb8cbfd57b547707The NethServer module installed as WebTop, produced by Sonicle, is affected by a stored cross site scripting vulnerability due to insufficient input sanitization and output escaping which allows an attacker to store a malicious payload as to execute arbitrary web scripts or HTML. Versions 7 and 8 are affected.
71dee722377e162d1e9feb9e21ad78ba3b875d892287e875ff81e8ff1b5fccf2PowerVR suffers from a wrong order of operations in DevmemIntChangeSparse2() that leads to a temporarily dangling page table entry.
c60d53fd594988ae874f9172ca988e0a08a60b03ec48452203f70a979e6d922ePowerVR suffers from a use-after-free vulnerability in _UnrefAndMaybeDestroy().
62d48fec6da2920518cfbf331f251078d85c51ab0a1e30e21ab38e0edd6f3b51Red Hat Security Advisory 2024-2945-03 - Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Issues addressed include bypass, cross site scripting, denial of service, and deserialization vulnerabilities.
a1bd8b17d1ea52c416681ba7c4b14359862f20f952c91549afb225034cc1ad70Red Hat Security Advisory 2024-2944-03 - This is the multiarch release of the AMQ Broker 7.12.0 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Issues addressed include denial of service and deserialization vulnerabilities.
eb6c67a7046e0e5d471b6ff28a0285a141f410365f6e59c0a915fd044bc8171fArm Mali versions since r45p0 suffer from a broken KBASE_USER_BUF_STATE_* state machine for userspace mappings that can lead to a use-after-free condition.
6886ec45419b22efaa4183177ef852a685bb4e3e8f20fe513a25b84dccef3243Red Hat Security Advisory 2024-2941-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities.
058274a5a8a2ef81022c3b931e75a58aeb095177305dbb4f368e7c05ccd002fbRed Hat Security Advisory 2024-2938-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
3b5b45809c43ee04ff76b81a77ff212b0953901c7e5497f18085cb5cc579fa7bRed Hat Security Advisory 2024-2937-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
d94948125e0734bf4210d1dc02ef910d0f3fbaa97f00fa612029fbf4a1a6d5f8Red Hat Security Advisory 2024-2936-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
0c66080036d3877a2053131be34e3532ec730fd6f664126d288f32bb2b9f52f4Red Hat Security Advisory 2024-2935-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.
eb6abceef4af7f545bb0a4498e6c1196cfa2a03103cf9293ecb4dc2b44a27d8bRed Hat Security Advisory 2024-2892-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a denial of service vulnerability.
f6d61698d047beee21d5faf2677c8d8ef6887f8590521f36f728c66ccdf88fe2Red Hat Security Advisory 2024-2865-03 - Red Hat OpenShift Container Platform release 4.15.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
55ab991ba6df729380417347d8d1dcc16692a8e477df61d3a76e2e87859b7230
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed