Ubuntu Security Notice 5637-1 - It was discovered that libvpx incorrectly handled certain WebM media files. A remote attacker could use this issue to crash an application using libvpx under certain conditions, resulting in a denial of service.
62acfeee21a05d07af7c6e293d6841f7a19ff21ba74bd33367cd0ea77a38691aGentoo Linux Security Advisory 202209-15 - Multiple vulnerabilities have been found in Oracle JDK and JRE, the worst of which could result in the arbitrary execution of code. Versions less than or equal to 11.0.2 are affected.
030e23f792d0ed43c2b7a044f13cd2fd185aa4154ba366dd3a86cc4f5e6668a4OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).
278d0934e1132a352cde6f89a86018ffc35037c9cfacf1ebdfdadf1508d5ad36GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
249358ef3b10ce99810781fedaec526a6eab943c120e4bba096aedf91c1afc40Ubuntu Security Notice 5636-1 - It was discovered that SoS incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.
d1c1fc6093fc48a6f3f09a0d6da63677a743e4dce81b8351ee68f92dbe62e04fThe WiFi Mouse (Mouse Server) from Necta LLC contains an authentication bypass as the authentication is completely implemented entirely on the client side. By utilizing this vulnerability, is possible to open a program on the server (cmd.exe in our case) and type commands that will be executed as the user running WiFi Mouse (Mouse Server), resulting in remote code execution. Tested against versions 1.8.3.4 (current as of module writing) and 1.8.2.3.
a1eb49c803eef32a7d3986d02c20457c3afa4cb25fe942b90918d6d5bcceb6e6Veritas Backup Exec Agent supports multiple authentication schemes and SHA authentication is one of them. This authentication scheme is no longer used within Backup Exec versions, but had not yet been disabled. An attacker could remotely exploit the SHA authentication scheme to gain unauthorized access to the BE Agent and execute an arbitrary OS command on the host with NT AUTHORITY\SYSTEM or root privileges depending on the platform. The vulnerability presents in 16.x, 20.x and 21.x versions of Backup Exec up to 21.2 (or up to and including Backup Exec Remote Agent revision 9.3).
5d2a9879ee25f3f36daab21dabc7454caa668fe4871c215806df28dda8ea3890Gentoo Linux Security Advisory 202209-14 - Multiple vulnerabilities have been discovered in Fetchmail, the worst of which could result in email disclosure to third parties. Versions less than 6.4.22 are affected.
0464eed96bdd7d49cf6ef1bba542adce39a341211e8349a992dd1f3d06faf788Backdoor.Win32.Augudor.b malware suffers from a code execution vulnerability.
eb63fba65d43437a287680fff71157dd2127d980055e141a70d67d2a9e75bbe9Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.
d134f436fdff639de70a03b7b3975885bf861fbed06c5479cdbcb07453bd6f5dWordPress Forym plugin version 1.5.7 suffers from a cross site scripting vulnerability.
9098a88f216244d26aece5715f65327ef4cb3938af59970db2d4b6054763daddGentoo Linux Security Advisory 202209-13 - Multiple vulnerabilities have been discovered in libaacplus, the worst of which could result in denial of service. Versions less than or equal to 2.0.2-r3 are affected.
77c49924ec9e5b62c262a88429d862b90625c3033d60984030a7ffc22b76e78fWordPress Sabai Discuss plugin version 1.4.13 suffers from a cross site scripting vulnerability.
89f5ed0fd301c5179d5c7e7b897151915e046831ba89d38f7fe464fece6e2463Gentoo Linux Security Advisory 202209-12 - Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass. Versions less than 2.06 are affected.
6ed9c7fcb103a96def8481a7caf238738ec32577a4a9992f019f98348d8786acOnline Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.
a9a666adc9b5791a812164167d20c4ced022f91eed35188667143b4e7b0ee94eGentoo Linux Security Advisory 202209-11 - Multiple vulnerabilities have been discovered in HarfBuzz, the worst of which could result in arbitrary code execution. Versions less than 4.4.0 are affected.
fcab7df28d3ef304ed8fe7a721ed0ce5b1ba413ba835ad8b93caf849762bcdd9WooCommerce plugin BRW Booking Rental version 1.3.1 from Ovatheme suffers from a cross site scripting vulnerability.
dfe1cdd557607de5f92a6a88e09b22e7cde7affb9a23004ed5c5615dd5fb84d4Backdoor.Win32.Psychward.b malware suffers from a hardcoded credential vulnerability.
4a196172d709119bf5c9fd8264d2064a406a4232f965f914f828caf704ad4124Gentoo Linux Security Advisory 202209-10 - A vulnerability has been discovered in Logcheck's ebuilds which could allow for root privilege escalation. Versions less than or equal to 1.3.23 are affected.
aa98c006ed7286f0640e95c22bca0d5dc8e2af534e7dbdcc233ab4f91e9694d0Gentoo Linux Security Advisory 202209-9 - Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution. Versions less than 4.2.1 are affected.
8a9753a3318c6302ef6528cd85e6f858a3e8e25c2174e9c1bdaf58ea02e08e97Backdoor.Win32.Bingle.b malware suffers from a hardcoded credential vulnerability.
2071a5c002ce27b0ea6b560999d5a672774467ed9490813fdbb0280c50591569Ubuntu Security Notice 5635-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.
659df738a1290534fb4de396b00a3b37c0db9cd653e811b0b0daf576c904b263Active eCommerce CMS version 6.3.0 suffers from a cross site scripting vulnerability.
f51e5c579856d6d8fa09e372f8f6b12ff91605bb22a15f16b8caa488351dcb3fActive eCommerce CMS version 6.3.0 suffers from an arbitrary file download vulnerability.
4036be9f28862cc4e0346638cd293b4cbcd82af4741e2fa269b30a31d2b7fd7cGentoo Linux Security Advisory 202209-8 - Multiple vulnerabilities have been discovered in Smokeping, the worst of which could result in root privilege escalation. Versions less than or equal to 2.7.3-r1 are affected.
6e3fcee3fe1f1e7e0baf4975b253d383008542bce7b60e7fd3ab9f30c21bbae3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed