In this paper, the authors present the efforts behind building a Special Interest Group (SIG) that seeks to develop a completely data-driven exploit scoring system that produces scores for all known vulnerabilities, that is freely available, and which adapts to new information.
8226a3dc718a8972e22524b28b782a704c31078e7997a2ddd07aeb9c9608798fUbuntu Security Notice 6138-1 - Philip Turnbull discovered that libssh incorrectly handled rekeying with algorithm guessing. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. Kevin Backhouse discovered that libssh incorrectly handled verifying data signatures. A remote attacker could possibly use this issue to bypass authorization.
46a67bf7f5f698c3b40a2aa3bbd16509c4f49e70671e96c4e085b9137a02fe32Ubuntu Security Notice 6137-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
98dadefed588bdb754c434e2c239002a0bc24c0a4243335d2b1ce99782d63fd7Debian Linux Security Advisory 5418-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
84a636d11c6341fab403959a6a9d66ba7ff37699e8e47df760c6f1c8fe61267cRed Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
91069eb74686b5da4b567db05d7c23174c76c6c493d75b64cd6986faa991161dRed Hat Security Advisory 2023-3379-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. This release of RHACS includes a fix for CVE-2023-24540 by building RHACS with updated Golang.
1d1e87c38beec522c88f4304f1731c2ed4c8da7214c1f5cfefcc60974e8ff8eeUbuntu Security Notice 6135-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
66a7b03c775050a82498ed2f444111107efb6e548a7e691d1c03a28b8eb3e17bRed Hat Security Advisory 2023-3305-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.
383177d2d56e95cb71b0a48b7f2b4855400866b9f9c688fbdc03099787ca8af1Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
c91347d4eacd33c674502120cc2317c1f69bb7ba46d738f4b534bc4338ada89bEnrollment System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6e54602e1e4c03831c3552471345de95eccf163818ce9c3aad5c3fa7173f482cRed Hat Security Advisory 2023-3303-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.
9aefb2c8802ae3fdc09ce27e694b83e81bc3227a711c9cf16829936ae8c64471Total CMS version 1.7.4 suffers from a cross site scripting vulnerability.
54920c9b2caba6bf85b1fde3663ac1e0fde09fd554dd4c4f7f2f03335cedea57Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.
1241684510265ad75824115abf9b92bbebf8cff5cb431f6be0376a27ea5874b2Ubuntu Security Notice 6136-1 - It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04. It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
37c8ad8112691a8a46b6576e91b88cfbedccb8ce23683ecf522ecad4c8bcf602Red Hat Security Advisory 2023-3351-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
4d11b69cf35aac539170a396888fab6db775944bac6110a2c2ee0b04360378bfRed Hat Security Advisory 2023-3361-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
7527cafe3af7b9759f5621380318a7a9bedcfe4a4a2b176c9a80003da1735f92Barebones CMS version 2.0.2 suffers from a persistent cross site scripting vulnerability.
87d7c444fc8376dd022db8b44f5ad9fa896a40f1c89d6b7b62a23aca7dea18d7Red Hat Security Advisory 2023-3349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
f990430eba686c8bbb49f75fd24fb5c648a19b508c52c04cca304aca1c92d698Red Hat Security Advisory 2023-3350-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
4a8fc344abc332c5c7d3ef9377875ddcf5290da8e02f8dfc278f24e543d84d15File Manager Advanced Shortcode version 2.3.2 suffers from a remote code execution vulnerability.
123fe999b3768d81b415d9afb97d193fbe64d07848b6123122bd60e3c119ac03Red Hat Security Advisory 2023-3360-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. "apr-util" is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
73497ad46ee521e46832778833df91e52dfbe5f1cec27957e9027139b198ef1cUbuntu Security Notice 6112-2 - USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to intercept communications, this flaw could potentially be used to install altered modules.
88d292c5cea590c61b6c43300276011b2ed5acec94fe889627c267568b5a9cf4Red Hat Security Advisory 2023-3380-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.
056546bb110d0b58eea78e4d665338c2de72fcf784d192f892f31b4ccda896abRed Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
27162c7cc1e92dcc5d23d2448871d026da2046e4fa22b54bb29cc7cea099108cWordPress Circle Progress plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
502b301ed47c56e6442e398af2ff24d0af312fd677fdee6560fd58b30b1150e8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed