ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account.
a23c3b2021225bfb676a55bbdeafbcf1689dc045c5b50ecbfacebfc7ffe2014bABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh.
92decaa3308d461393dc637c13861ced7bcb4cd43a2c333235f9835ee562ecb9kbase_csf_kcpu_queue_enqueue() locks the kctx->csf.kcpu_queues, looks up a pointer from inside that structure, then drops the lock before continuing to use the kbase_kcpu_command_queue that was looked up. This is a classic use-after-free pattern, where the lookup of a pointer is protected but the protective lock is then released without first acquiring any other lock or reference to keep the referenced object alive.
4fd61c0109d183f3b2a909d608ec4f7ebeb118f98b4d057a01a280c10f5a5339Ubuntu Security Notice 5890-1 - Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
632ff18e4ea88d5168bceca5ac0c2179a3affa3912b41a94689b768014af5532Ubuntu Security Notice 5892-1 - It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause a NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code.
08e1514e5eeec5f74d4365784fc07384f881ccfce7ae98e9d80175769c3a1622Ubuntu Security Notice 5893-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
39f3fda6f69b52e2205f43902470d0e182b4efbc8287c37b578e711226062258Ubuntu Security Notice 5891-1 - Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested in parallel. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
d371bf8267eb19b51304352594e37658d2609e6b7c0e94b671100ea3cedb53beUbuntu Security Notice 5889-1 - It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting attack. This issue was only fixed in Ubuntu 16.04 ESM. It was discovered that ZoneMinder was not properly sanitizing stored user input later printed to the user in certain views. An attacker could possibly use this issue to perform a cross-site scripting attack. This issue was only fixed in Ubuntu 16.04 ESM.
6b120da55eab087c0cb072933998f2bda4b9791a794906828b299c06d119142dUbuntu Security Notice 5887-1 - Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information.
30d0e5fa8fc60d8b3a9bade4aa193276d3da4ee86a87f963a16ee548f2905a89Ubuntu Security Notice 5886-1 - Erik C. Bjorge discovered that some Intel Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel Xeon Processors used incorrect default permissions in some memory controller configurations when using Intel Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges.
5e6f8a9b89dc2296c9a7a52d72eea7ce2c945e6fc8092669cef070563935da15Red Hat Security Advisory 2023-0918-01 - Service Binding manages the data plane for applications and backing services.
a4a0b61597e4539af186d0870a584294b79b29427a59239b69994540bab168aeUbuntu Security Notice 5885-1 - Ronald Crane discovered integer overflow vulnerabilities in the Apache Portable Runtime that could potentially result in memory corruption. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code.
09ed22efc5f270093119425953b0c1273a45985966262768677be3e29ed5c327Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input saniting in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.
0fd080fc2d20d8613ace2e272ac779ee75f49f96590d76bbadc9811f312aedf2Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.
7ae7c33c3e28b6f24a8453dc72dcd9277d8782ff1546367e81b1eee017a28724pfBlockerNG version 2.1.4_26 remote code execution exploit.
4ac7bffe74c29e0dabbff18d552da8d3e73678fb8ed2b4a6a73be8d67499aebcDebian Linux Security Advisory 5362-1 - An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
a6c42c4fa46b453dd5a470c4e086922ae874af1bd2bd96fd5186bf71571228ebSimple Food Ordering System version 1.0 suffers from a cross site scripting vulnerability.
d45b72ba3cbe274c827044256c4b4168a57d0681e2452019badcd0d14e196de2Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
1404aec50e3d5d5f0e7677de3be642069da3ce8f1fbe90f9a1854a9dd500dc50Music Gallery Site version 1.0 suffers from multiple remote SQL injection vulnerabilities.
9704f940761214dcdecce1c26ad4d0916f8ff37567c16827a4d79794fdb77dc3Music Gallery Site version 1.0 suffers from a missing authentication vulnerability that allows for privilege escalation.
fa792fe11043726d6d6e1175130d9b2d4eaddaca348d07b29980ca82930472c4Arm Mali suffers from an insufficient cache invalidation for non-page-aligned user buffer imports.
1cc19cb79a91228a44e5c6196c91a498b37c74f153ea14e278fe6327355cc218Debian Linux Security Advisory 5360-1 - Xi Lu discovered that missing input sanitising in Emacs (in etags, the Ruby mode and htmlfontify) could result in the execution of arbitrary shell commands.
82d11ef9e76f7318d8a66038c6614675b087dfdc2b8d50aad0fe55d3dd74b5c7Employee Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
61c6766d769ec7043a81a96c62d74e65955f769b66aaff8f4bfc3a5b20cefeb4Employee Task Management System version 1.0 suffers from a privilege escalation vulnerability due to a broken access control where a lower privileged user's cookie can be leveraged to takeover an administrative account.
b1783a8753bc4111f4b0d303376dc5a00d0d4803612a9778ff19e0890bd6ed0aDebian Linux Security Advisory 5359-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
7843617dec4bb3e700e21f91ba5248a0b767d9fd5d3e9747c378549fa4f68f46
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed