Debian Linux Security Advisory 5307-1 - ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client.
41b44ea9f6994bb126334a021ce554f5d235573bf2cf4cf42ab4a2effd6c874dSAP Enterprise Portal with ENGINEAPI versions 7.10, 7.30, 7.31, 7.40, and 7.50 suffers from an XSLT injection vulnerability.
da6ac9ab738f2080b02cc97608aef6a101c7d751b2f8886505ca291243379d5fUbuntu Security Notice 5137-2 - It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possible execute arbitrary code. Various other issues were also addressed.
09ff616a3433c23ba31da4c5e5fa7d4a49f8585cf9a524473f6c9904ec46e4e7Ubuntu Security Notice 5137-1 - It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possible execute arbitrary code. Various other issues were also addressed.
5fef8e7f5f28fbf71440acfa341c2c082504de263157b46ee9e4e00f76144514Ubuntu Security Notice 5136-1 - It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service or possibly execute arbitrary code. It was discovered that the FUSE user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
28724fdbb83e4490e3fc8c3f933128c22cd04d060dad7537f8dd275bde2370b7Ubuntu Security Notice 5117-1 - It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. It was discovered that the Qualcomm IPC Router protocol implementation in the Linux kernel did not properly validate metadata in some situations. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
cce7c97d1a7b5ac598cdad78c2c1a4eb2e18dad7774ea31f3fc554d87b9b0892Ubuntu Security Notice 5115-1 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.
123e5f4aa3de879d935abfb080a9134445af106fa262a01d71265623b346525aUbuntu Security Notice 5113-1 - It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. Various other issues were also addressed.
5b77b651661b26b5ddee110193bf60874290434159ecf99d6501028d96ace712Debian Linux Security Advisory 4978-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
58e6e00aeccd2d98b5f0fbd9438d9ad7fea0354cd2d4fc6a894c0d2ecc5f5d7f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed