Debian Linux Security Advisory 4967-1 - Etienne Stalmans discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not validate filenames for traversal outside of the destination directory. An attacker can take advantage of this flaw to write arbitrary files on the filesystem if a malformed Squashfs image is processed.
c7522b4eeabe8c9588e7d48cd0cc114c4b00a72b7777470016051ed6fbc09d70
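The check unsquashfs was missing, shown as an added example in Python (not squashfs-tools' own code, which is C): archive-supplied entry names are joined onto the destination directory, and any name that is absolute or that climbs out via ".." is refused before anything is written. The entry names and the /tmp/out destination are constructed for the demonstration.

```python
import posixpath

# Constructed entry names, as an attacker-controlled directory table might
# supply them to an extractor (not taken from any real Squashfs image).
SAMPLE_ENTRIES = [
    "etc/motd",
    "usr/bin/tool",
    "../../etc/cron.d/backdoor",
    "/etc/passwd",
    "var/../../../root/.ssh/authorized_keys",
    "ok/../still-inside",
]


def unsafe_target(dest, name):
    """The flawed behaviour: join the archive-supplied name onto dest and
    trust the result.  '..' components and absolute names both escape."""
    return posixpath.normpath(posixpath.join(dest, name))


def safe_target(dest, name):
    """Return the extraction path for `name`, or None if it would land
    outside `dest`.  Pure path logic (posixpath), so it does not follow
    symlinks that already exist on disk; that is a separate concern."""
    dest = posixpath.normpath(dest)
    # Archive names must be relative and non-empty.
    if not name or name.startswith("/"):
        return None
    # Collapse '.' and '..' components first, then refuse any name that
    # still begins by climbing out of the extraction root.
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        return None
    target = posixpath.normpath(posixpath.join(dest, norm))
    # Belt and braces: the resolved path must share dest as its prefix at a
    # path-component boundary, not merely as a string prefix ("/tmp/out2").
    if posixpath.commonpath([dest, target]) != dest:
        return None
    return target


def plan_extraction(dest, names):
    """Split archive entry names into (accepted target paths, rejected names)."""
    accepted, rejected = [], []
    for name in names:
        target = safe_target(dest, name)
        if target is None:
            rejected.append(name)
        else:
            accepted.append(target)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = plan_extraction("/tmp/out", SAMPLE_ENTRIES)
    for name in bad:
        print("rejected %-42s (unchecked join would write %s)"
              % (name, unsafe_target("/tmp/out", name)))
    for path in ok:
        print("extract  %s" % path)
```

Running the block prints the two traversal names and the absolute name as rejected, alongside the path the unchecked join would have written (/etc/cron.d/backdoor, /etc/passwd, /root/.ssh/authorized_keys), while "ok/../still-inside" is accepted because it normalises to a path inside the destination.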
Debian Linux Security Advisory 4968-1 - Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks.
722e6b1f007edff3fc58e6248446392cfef076d7541acd8ed38ea7e8add1a122
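Why a missing length check on a header name turns into a parser desynchronisation, shown as an added example in Python. The record layout below (a 1-byte name length, a 2-byte value length, then the bytes) is an assumption of the example, not HAProxy's HTX encoding; the header sets are constructed. The unchecked encoder masks the length to the field width, as a C cast to the narrower type would, so a 260-byte name is recorded as 4 bytes long and the decoder then reads header records out of the name's remaining bytes.

```python
import struct

# Width of the length fields in this toy record layout (an assumption of the
# example, not HAProxy's HTX encoding): 1 byte for the name, 2 for the value.
NAME_LEN_MAX = 0xFF
VALUE_LEN_MAX = 0xFFFF
RECORD_HEADER = struct.Struct("<BH")


def encode_unchecked(headers):
    """Flawed encoder: stores each length as `len & mask`, the same silent
    truncation a C cast to the narrower field type performs, and never
    rejects input that does not fit."""
    out = bytearray()
    for name, value in headers:
        out += RECORD_HEADER.pack(len(name) & NAME_LEN_MAX,
                                  len(value) & VALUE_LEN_MAX)
        out += name + value
    return bytes(out)


def encode_checked(headers):
    """Hardened encoder: refuse any name or value the field cannot describe."""
    out = bytearray()
    for name, value in headers:
        if not name or len(name) > NAME_LEN_MAX:
            raise ValueError("header name length %d not encodable" % len(name))
        if len(value) > VALUE_LEN_MAX:
            raise ValueError("header value length %d not encodable" % len(value))
        out += RECORD_HEADER.pack(len(name), len(value)) + name + value
    return bytes(out)


def decode(block):
    """Walk the records back out.  Raises ValueError if a record claims
    more bytes than remain, which is how a desynchronised block surfaces."""
    headers, pos = [], 0
    while pos < len(block):
        if pos + RECORD_HEADER.size > len(block):
            raise ValueError("truncated record header at offset %d" % pos)
        nlen, vlen = RECORD_HEADER.unpack_from(block, pos)
        pos += RECORD_HEADER.size
        if pos + nlen + vlen > len(block):
            raise ValueError("truncated record body at offset %d" % pos)
        headers.append((block[pos:pos + nlen],
                        block[pos + nlen:pos + nlen + vlen]))
        pos += nlen + vlen
    return headers


def roundtrip_ok(headers, encoder):
    """True only if the decoder recovers exactly what was encoded."""
    try:
        return decode(encoder(headers)) == headers
    except ValueError:
        return False


def checked_rejects(headers):
    """True if the hardened encoder refuses this header set."""
    try:
        encode_checked(headers)
    except ValueError:
        return True
    return False


# Constructed inputs: an ordinary header set, and one whose first header name
# is 260 bytes long, which overflows the 1-byte name-length field (260 & 0xFF == 4).
NORMAL = [(b"host", b"example.test"), (b"content-length", b"5")]
OVERSIZED = [(b"x-" + b"a" * 258, b"1"), (b"content-length", b"5")]
```

With NORMAL both encoders round-trip. With OVERSIZED the unchecked encoder produces a block the decoder cannot follow: it reads the first name as b"x-aa" and then interprets the leftover name bytes as the next record's length fields. Once a proxy and the backend disagree about where one header ends and the next begins, the attacker controls which bytes each side treats as a header, which is the precondition for request smuggling and response splitting; the checked encoder refuses the input instead.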
Debian Linux Security Advisory 4969-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
bbf752c06cdbb8161899c2f1532324e5f1f0e311ff5c48461e056792a520eef0
Debian Linux Security Advisory 4970-1 - Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing.
d0c0d8c9e3c781e6faf36980659196a409ce5700fd69a57831a82485c7e65a85
Debian Linux Security Advisory 4971-1 - Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws to escalate privileges to root.
507f001642bcc1403611d56627f15d6bf5b64ac341f2e2a5db931f2781606046
Debian Linux Security Advisory 4972-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" I/O devices, which could result in the execution of arbitrary code if a malformed PostScript file is processed (despite the -dSAFER sandbox being enabled).
efae9a961b56c9384742b0eb52f6aecb392a18a59c1e854ecd4ad068889fe62b
Debian Linux Security Advisory 4973-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.
0d4113449ce1cada8dbb75e60d597373835145fb30048c182cc9a09fc054ee74
Debian Linux Security Advisory 4974-1 - Two vulnerabilities were discovered in the Nextcloud desktop client, which could result in information disclosure.
6224cf36fc7db2027cb5f00f3a2dc2fcd4db77f937b2bcc3cd750746a1374493
Debian Linux Security Advisory 4975-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
354b5be51d57f019107d08c3e6a1c194b278396fc086352a972819a0b4c52d4f
Debian Linux Security Advisory 4976-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
2875eed4ac197c4faf5b97c96bb75a711a9936e46f225a9d62c0ce24f02dd76d
Debian Linux Security Advisory 4977-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.
d81161044e1a99166a8514342c122a44470dc3e7951d7c4383ff8fd3711141c2
Debian Linux Security Advisory 4978-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
58e6e00aeccd2d98b5f0fbd9438d9ad7fea0354cd2d4fc6a894c0d2ecc5f5d7f
FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.
6ef66ed70e92ad612290d98df48054d67d1c964e07a0683eaed0ee4abc38ad4e
FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has the hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.
76986786233f93566ddb9953be6f98bfa450885a5ac241ed16617a8870a9ff2b
FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.
c9208e538a5afc70b3635572f890f2667c94de059d48740427d2b3abf186786c
FatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.
d011bfaa75604c3b3dc63ad611330b11fc8a534120edc38f724e1a4f58929d87
The web interface of FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 allows users to perform certain actions via HTTP requests without any check that the request was issued by the application itself (cross site request forgery). This can be exploited to perform actions with administrative privileges if a logged-in user visits a malicious web site.
7e2119d2b169c3fb6fb1b259c686bac08187edd3b7de42bea6ab93a108d54445
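The two checks the interface lacks, as an added example in Python that is not FatPipe's code: a state-changing request is allowed only when the browser-supplied Origin (or, failing that, Referer) names the device's own host and the form carries the token bound to the caller's session. The host fatpipe.example.test, the action names and the request dictionaries are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical hostname for the device's web interface; not from the advisory.
DEVICE_HOST = "fatpipe.example.test"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token():
    """Mint a per-session token; store it server-side and embed it in forms."""
    return secrets.token_urlsafe(32)


def check_csrf(method, headers, form, session_token, expected_host=DEVICE_HOST):
    """Decide whether a request may proceed.  Returns (allowed, reason).
    For state-changing methods two independent checks must both pass:
    the Origin/Referer must name this host, and the form must carry the
    token bound to the caller's session."""
    if method.upper() in SAFE_METHODS:
        # Safe methods must not change state; if a device performs actions on
        # GET, those handlers have to move to POST before this check helps.
        return True, "safe method"
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "no Origin or Referer on a state-changing request"
    # urlsplit(...).hostname is lowercased and None for 'null' or garbage,
    # so a spoofed or missing host fails the comparison.
    if urlsplit(source).hostname != expected_host.lower():
        return False, "request originates from %s, not %s" % (source, expected_host)
    sent = form.get("csrf_token", "")
    if not session_token or not hmac.compare_digest(sent, session_token):
        return False, "missing or mismatched CSRF token"
    return True, "ok"


# Constructed requests, not captured device traffic.
SESSION_TOKEN = issue_token()

LEGIT = dict(method="POST",
             headers={"Origin": "https://fatpipe.example.test"},
             form={"action": "add_user", "name": "ops",
                   "csrf_token": SESSION_TOKEN})

# What a malicious page submits with the victim's cookies attached: the browser
# sets Origin to the attacker's site, and the page cannot read the victim's token.
FORGED = dict(method="POST",
              headers={"Origin": "https://attacker.example"},
              form={"action": "add_user", "name": "backdoor"})

# The same forgery from a context that sends neither Origin nor Referer.
FORGED_NO_ORIGIN = dict(method="POST", headers={},
                        form={"action": "add_user", "name": "backdoor"})


def evaluate(request, session_token=SESSION_TOKEN):
    return check_csrf(request["method"], request["headers"],
                      request["form"], session_token)


if __name__ == "__main__":
    for label, req in (("legitimate", LEGIT), ("forged", FORGED),
                       ("forged, no origin", FORGED_NO_ORIGIN)):
        print("%-18s %s" % (label, evaluate(req)))
```

The token comparison uses hmac.compare_digest so that a guessed token cannot be refined byte by byte through timing; the Origin check is what defeats the page-visit scenario in the advisory, since a cross-site form submission cannot spoof Origin or obtain the session-bound token.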
Ubuntu Security Notice 5090-3 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in the handling of UDS (Unix domain socket) URIs. This update fixes the problem.
b581416306f3dd476e571d54877a550435c22900a370f6c91efbf9d6ff8a914f
Red Hat Security Advisory 2021-3675-01 - The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
ad9ce160c59df30cf9941c0697bd6c9340ed669c6ce5bb9d5b843c8b6fea9592
WordPress Ultimate Maps plugin version 1.2.4 suffers from a cross site scripting vulnerability.
ffbdf36c553fc01d39018fe0185356f74c5cc7f17c0c33a393d62e41f2a8b4f0
Red Hat Security Advisory 2021-3676-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
3890d30cbbe4c135f4f392438402e64ce8d51636134209fb2750f26e7d7532aa
Ubuntu Security Notice 5093-1 - Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Brian Carpenter also discovered a second, similar memory handling issue when opening certain files, with the same impact. Various other issues were also addressed.
c4de699295308995e581a4fe17697bd8bdf4568f3c040db7dede29c2d61a0c08
Apache James Server version 2.3.2 remote command execution exploit.
c9b253ccb01558d000573b82422dd40cdb537674eba685ea7b12e068e995cf6b
Ubuntu Security Notice 5092-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed.
ebcf129926760acf6a8d3e98fe23c9b1ac0c8a4d82db537ed58774cee102bccf
WordPress Popup plugin version 1.10.4 suffers from a cross site scripting vulnerability.
ed1b48d005de68bb19e777a8b0f2eaf4468a6b8c5f2311d3d8b400aa188e742b