Ubuntu Security Notice 5629-1 - It was discovered that the Python http.server module incorrectly handled certain URIs. An attacker could potentially use this to redirect web traffic.
8ed17abf4d4b43b1e2bb7cde1858817522b51ed63ec4e2aa8a769c70b7853ef1Ubuntu Security Notice 5631-1 - It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resource, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that libjpeg-turbo incorrectly handled certain malformed jpeg files. An attacker could possibly use this issue to cause libjpeg-turbo to crash, resulting in a denial of service.
1c5e9f66c33802aff0761c128dc62d1964aa449af0264e73bb69f61d3abed1d5WordPress 3dady Real-Time Web Stats plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
9bc44384be766635f2fbfc237ec0aeb19285a6e3efb8c861d02d2212924dd3feWordPress WP-UserOnline plugin version 2.88.0 suffers from a persistent cross site scripting vulnerability.
2d27257ac7ea666ea0f91e21e2cf2524b25f6b5630c8e00106161db5acf1445bUbuntu Security Notice 5632-1 - Sebastian Chnelik discovered that OAuthLib incorrectly handled certain redirect uris. A remote attacker could possibly use this issue to cause OAuthLib to crash, resulting in a denial of service.
6f7b863b27652aa9705029e163b1edc76bb8e28ed46da9dae3fa8141b190d3d9Teleport version 10.1.1 suffers from a remote code execution vulnerability.
c6d52b424ef6fecae4f1b523bd776835ab95ce19413a32ddacde1e3e5c128f9eFeehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.
983f5ef29aec5a308538a5a0f342863532963a034a2146d2f5d3fe9bcb54fe54Ubuntu Security Notice 5634-1 - Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.
f8b1a7ed35a19079cc1dd5e26022f3651c361b93150ae1cc012219e3818ac9aeTesta Online Test Management System version 3.5.1 suffers from a cross site scripting vulnerability.
e9867bdeeba70c36ee85639c18dbb98c4422fde1467af31cc0a26c7ec8e89a09Ubuntu Security Notice 5633-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
8351862c78cded631737902c0b3547d5bb307ab0a6be5cec52f04529fb8c7581TP-Link Tapo c200 version 1.1.15 suffers from a remote code execution vulnerability.
8e68cc2b8496ad99d86b7b36d04b8055a2811ee41b6746feca8d8f15c304f133Ubuntu Security Notice 5630-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
c7c0c0227fda6e6bf4499a2c48b667c084b37cc6c2d87ab84b3410ec00d70af1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed