Ubuntu Security Notice 5968-1 - It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host.
8f3a54575d7096992b3d3c81d82c2304712210afd399ea0e5c2c33f7df845437
This Metasploit module exploits a buffer overflow in the zhttpd binary (/bin/zhttpd). It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host.
fc9419af3871336277cafde42125966d876812e4e57c8b48da3a83050219381f
MyBB Export User plugin version 2.0 suffers from a cross site scripting vulnerability.
0f727d240d596072a9f1163413ddf43f29204849be9ee9b048371ea0547009e6
The World Cryptologic Competition (WCC) 2023 is a fully-online and open competition using GitHub. The language of the competition is English. The WCC 2023 has a total duration of 295 days, from Sunday January 1st 2023 to Monday October 23rd 2023. Teams and Judges must complete registration before Wednesday June 1st.
12848db5eecde474ede8125eed53f5c8e8e8198f50e1cd86053ead35891713eb
The documentation for the python CGI module suffers from a cross site scripting vulnerability.
12070a3cded8397a9c1036c6ffa17c97d5ef5a584b91e3216867995ff23654e8
Ubuntu Security Notice 5904-2 - USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem. Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.
9eb608d1d81df98a62419fb66e125f081ea979dfda8e237aabfad17285322c4d
Ubuntu Security Notice 5965-1 - It was discovered that TigerVNC mishandled TLS certificate exceptions. An attacker could use this vulnerability to impersonate any server after a client had added an exception and obtain sensitive information.
e166ae752951bf18e75b2cf377be8ae567407cff980379c3476eb2f4f4c8d8c9
Ubuntu Security Notice 5806-3 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.
2946affe6446c720209e8c8a6781b9e746e6210d18a5a939af4608b1e97f3dfd
Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
e7656527650776cefd2ce56651b8e7692943c0d30562f0041bf42d1330f3c976
Red Hat Security Advisory 2023-1337-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.
01685704d18bf8183e32963ac3cb4e6e6ada557566263ae85054a1685e47ea16
Red Hat Security Advisory 2023-1332-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
389776e27aab442848dfbc6c1d3f0a64eb1abedeb09467048a5e0f49955dc09d
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.1.x series is the current major version of OpenSSL.
aaa925ad9828745c4cad9d9efeb273deca820f2cdcf2c3ac7d7c1212b7c497b4
Red Hat Security Advisory 2023-1333-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.
11bf472412d2db2d3f57abb184b5ce07a20f6a34d31fd9acb63e37142f3833e5
Red Hat Security Advisory 2023-1335-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
c19faea4c59d909ca8beaca05918d75fc00f5d844d3606a7b7c52cb073698fba
The kernel tree of CentOS Stream 9 suffers from multiple use-after-free conditions that were already patched in upstream stable trees.
a5f94e90c58a4d65e7349c5ac6abff2cbc680f758ae71b7d0bf35a8ec6642057
Red Hat Security Advisory 2023-1336-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.
c7cd62e9be26e368dcce7e0d1976e0a8615ec3f69dfadaf4a6825860dca8fda7
Ubuntu Security Notice 5964-1 - Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. Harry Sintonen discovered that curl incorrectly handled special tilde characters when used with SFTP paths. A remote attacker could possibly use this issue to circumvent filtering.
7303af9763b09b697c1acbc39214d51f90dd82cd2f8e2e8bd2040d6a4b2ec3e8
Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
373740425cdce8362111cf4caef765a5938b71e36b30145ab757004e4a8b3cb8
Ubuntu Security Notice 5960-1 - Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters.
727432be8aaebcbbf1e8da1308a8110c3c6dc6fb3ff312a8e8e10aae1adc194b
Red Hat Security Advisory 2023-1303-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 7.3.10 replaces Data Grid 7.3.9 and includes security fixes. Issues addressed include code execution and deserialization vulnerabilities.
c62443ed1f58111e5bcbad07381e2b4e325eed22780a41853e581f1fe837f762
MyBB External Redirect Warning plugin version 1.3 suffers from a cross site scripting vulnerability.
30648b0a86ff796492c571bdf536801d2869613474a695f71e4142c2ef8f81e5
MyBB Active Threads plugin version 1.3.0 suffers from a cross site scripting vulnerability.
efde58a58fcaee1af61de2dc0406e8406e2498067e290b0e69c2c859fce1b6a9
101+ News Portal version 1.0 suffers from a remote blind SQL injection vulnerability.
3fe8bd04f55dfecfb3d191adee5c41eba6df99f6a1c15639bda4682d062a7e22
There is an intra-object overflow in Shannon Baseband, inside the 5G SM protocol implementation (NrSmMsgCodec as it is called in Shannon according to debug strings), when decoding the Extended protocol configuration options message (IEI = 0x7B).
fbcb90e472d2e3ece0a5999daefccbac91cb16b93b5bdde7163bb7f5b46c8021
Red Hat Security Advisory 2023-1286-01 - Migration Toolkit for Runtimes 1.0.2 Images. Issues addressed include denial of service, privilege escalation, and server-side request forgery vulnerabilities.
b6aeb9fcd298c51ea745ab2408444b545077335be2e3494910e6f630ad0116c8