Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.

Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.

WebKit JSC suffers from incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform.

WebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.

WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.

WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.

WebKit suffers from a WebCore::AccessibilityRenderObject::handleAriaExpandedChanged use-after-free vulnerability.

WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.

WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.

WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.

WebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.

WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability.

WebKit JSC suffers from an ObjectPatternNode::appendEntry stack use-after-free.

MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.

WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.

WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).

WebKit JSC suffers from an uninitialized memory reference in arrayProtoFuncSplice.

RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.

RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network traffic on the appliance's interfaces. Affected versions include build 2032 and 2.0.625.

RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Affected versions include build 2032 and 2.0.625.

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Debian Linux Security Advisory 3917-1 - A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.