Ubuntu Security Notice 5647-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
f646132213ac5199fd0835b743af47740f9030b83556dc9ad35a5af5da00ade0
Ubuntu Security Notice 5615-2 - USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 16.04 ESM. It was discovered that SQLite incorrectly handled INTERSECT query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
ee761ef6e19d379bce5560d3dfb6533fa06c67a12017651e03a872648746a6fb
Red Hat Security Advisory 2022-6741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
058d93ee15c69d7a7c5f8f0f0aece4f72c2f05b24cb23c11dc1b8bae327307e0
A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature thus allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
41d2d18aa9196d7f57810fe954d8362f8c6f3662e5ba2a143d334cd07ac9b371
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
22c5dc6dfc7500db94b6f8a48775f72b5149d0a372b8552ed7666016ee79edf0
Joomla AdsManager extension version 3.2.0 suffers from a remote SQL injection vulnerability.
d94efabfad9904e592ec82124c03316f4ce8b774ae57879750a98a1445884262
Bus Pass Management System version 1.0 suffers from a cross site scripting vulnerability.
54b5f2852b454991cb45a80382823090c9ab28550870d5b5a1a6ae83964d87e3
Ubuntu Security Notice 5646-1 - Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service.
46c4a791137670f7e5bdbac84f1b17ad4b368c2214d2709f79e8c9bd7c67e379
Sippts is a set of tools to audit VoIP servers and devices using the SIP protocol. It is written in Python and allows us to check the security of a VoIP server using the SIP protocol over UDP, TCP and TLS.
3ede5028958a1effbe95fce1926ba0492f4dc037dcfa74011730bc24129aa41b
Ubuntu Security Notice 5645-1 - Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. Tom Lane discovered that PostgreSQL incorrectly handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges.
fa94546c58f17991b5a646049ec8ec30cd923dd7fcf8ea2301f30eeeb7d86f13
Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.
dba8c93e85cd1df6195d39d4a331df0a884b158c86b28ffa00bd3dea43e7b6ba
Joomla EDocman extension version 1.23.3 suffers from a cross site scripting vulnerability.
7b56a9d176668a085432fd6441efba2f1cb355a86dd6f94e9c5fcdce3437fd1e
Online Examination System version 1.0 suffers from a cross site scripting vulnerability.
2cedda0df4347ed510cf540f0c12e96dc76e73743d9ba1ef37fba000b2d31b53
This tool packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401. Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5.
1401bc41094d6c399524f490182dedc77295916d73ec25d4c7ea3751f754d6cc
Debian Linux Security Advisory 5223-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
eaccf2c4f13785f27ea55d281296ec9a704251dbe2c16cc511b155f0d5dbc78f
Debian Linux Security Advisory 5224-1 - Two vulnerabilities were discovered in poppler, a PDF rendering library, which could result in denial of service or the execution of arbitrary code if a malformed PDF file or JBIG2 image is processed.
fff5c555e685acd923ce1cd2043a40d9c2db36d0eed0627070038e954e24e95c
Debian Linux Security Advisory 5225-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code.
98a8f68e6eeb765491847e5b3440d501a6818cac4dc84af5724f091a2bc33174
Debian Linux Security Advisory 5226-1 - Two security issues were discovered in pcs, a corosync and pacemaker configuration tool.
6063675b6309f8ba39ab444e7fce5c743b477418ff598c15909fc9e571447b45
Debian Linux Security Advisory 5227-1 - It was discovered that Gson, a Java library that can be used to convert Java Objects into their JSON representations and vice versa, was vulnerable to a de-serialization flaw. An application would de-serialize untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker control the state or the flow of the execution. This can lead to a denial of service or even the execution of arbitrary code.
b6af2512c97e2e986859b67b105cb3eb62cba8bf639bf250fd2d00129989f97f
Debian Linux Security Advisory 5228-1 - Several vulnerabilities were discovered in gdk-pixbuf, the GDK Pixbuf library.
2779b19645046756f046040b839f7910204298a4f8304bb68cd29482f89ab133
Debian Linux Security Advisory 5229-1 - Two vulnerabilities were discovered in FreeCAD, a CAD/CAM program, which could result in the execution of arbitrary shell commands when opening a malformed file.
e221b714aa252c043fe261bba268b9bb76b8a4565c7895307eb7ff13412d67b8
Debian Linux Security Advisory 5230-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
8340f3ab3bae220f6698fed84dcfba3c97ba7964c3362899da056ede5c1f36ab
Debian Linux Security Advisory 5231-1 - Several vulnerabilities were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of arbitrary code.
ce4def7ac6b137a13c8cf721dd5db4140415515ed52baee6a0d76baf78234bf0
Debian Linux Security Advisory 5232-1 - It was discovered that the wordexp() function of tinygltf, a library to load/save glTF (GL Transmission Format) files, was susceptible to command execution when processing untrusted files.
6d3bf5420ed67b1fc16a49e517a64ee582d74c3582eaa12ad4ef5cb2c1800fce
Debian Linux Security Advisory 5233-1 - Maher Azzouzi discovered that missing input sanitising in the Enlightenment window manager may result in local privilege escalation to root.
038bc6131b6fd2cfa407d7ba8198b1856f3aa45cd0d7b1b66c8e56e410074926