Ubuntu Security Notice 5507-1 - It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the program to crash, use unexpected values, or execute arbitrary code. It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution.
4e11c29d9f2087162a256b26af4fd6c6c5dd8e6c39e84dc1478d70ad8f3e27b6
Ubuntu Security Notice 5479-3 - USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
a15e8d30137eb95d8c8f9128fe3185a5cdd63a4cac161ca59faae5bc79624c15
Ubuntu Security Notice 5506-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
bfd2a41a0a3fe43a7c0be6e78b0d2c1b21e1b6247f193100dbc3cc678fe8f02f
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
ee163a5fb9ec99ffc1b18e65faef8d086800c5713d15a672ab57d3799da83669
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
bdfe783810fceca9703b9e811817acca63ee9ef0174e616598e8ea6590aa4c9c
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
6683030c0954015fd2437e241b6da7dd2d804b88f55461c0262ad1a5d96f46e9
This tool is a 3DES shellcode crypter.
9e6475d7e02bb5bcc0b7670b1ca005b4e4ecb987abc3fd2dcd7a5d44af829d04
WordPress Visual Slide Box Builder plugin version 3.2.9 suffers from a remote SQL injection vulnerability.
f6f431664e7cffdce804349fe1630e7178f567a1366a6e9862dff6ce51fe95c6
Sashimi Evil OctoBot Tentacle is a python script that exploits a vulnerability that lies in the Tentacles upload functionality of the cryptocurrency trading bot OctoBot which is designed to be easy to use and customizable. Versions 0.4.0beta3 through 0.4.3 are affected.
67657fcc4e1e91fdf6687effb98e5e02419480dc043b1f499700a2140f08b47b
Nginx version 1.20.0 suffers from a denial of service vulnerability.
d5e69479a9c5a46d1cf68eb6f70e5c392f4e2292c4ebd20a8e40b7422c4f6f23
The code in cc::PaintImageReader::Read (cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into the filter bitmap data.
3442a632be9dec3260619421059a97062f1e5b5331769ad612a11a97ecf3ec9b
Xen's _get_page_type() contains an ABAC cmpxchg() race, where the code incorrectly assumes that if it reads a specific type_info value, and then later cmpxchg() succeeds, the type_info can't have changed in between.
88fe91f31a1fa5b68860cd0112d829c44076320a17d995120f8a3d426cc59af7
In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replys, for example fragments of other messages, passphrases or keys.
1a0da9d9e3bf42ea5367e18954311a408e444a40a4960bbf41e240bbab050a63