Linux USB usbnet tells minidrivers to unbind while netdev is still up, causing use-after-free conditions.
a79f67a4ff4419f1ee030e5d31da09ffc097f7a7aff75a313677c344131a2bc4Ubuntu Security Notice 5946-1 - Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
ab634e70322a3fa103bdf1f9fbef6f814dbfae127fcb8b168ad6c551929ecd91Ubuntu Security Notice 5947-1 - Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Marlon Starkloff discovered that Twig was not properly enforcing closure constraints in some of its array filtering functions. An attacker could possibly use this issue to execute arbitrary code. This issue was only fixed in Ubuntu 20.04 ESM.
7a722306f91b4b68b54cf4c80bd0a21077ab7a7fe2101b19ae983b91763a9031Ubuntu Security Notice 5945-1 - It was discovered that Protocol Buffers did not properly validate field com.google.protobuf.UnknownFieldSet in protobuf-java. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected protobuf Ubuntu 22.04 LTS and Ubuntu 22.10. It was discovered that Protocol Buffers did not properly parse certain symbols. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
4fb3ee1e380b754859ef1c4f7b8fd0cc38909e4f1842b4e0583271c30d636ea3Ubuntu Security Notice 5943-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Johan Carlsson discovered that Thunderbird did not properly implement CSP policy on a header when using iframes. An attacker could potentially exploits this to exfiltrate data.
859da6042faf89a056033a58de2955c904821993b08e8e20d961d88955336897Debian Linux Security Advisory 5372-1 - Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect.
44ed6f4160efe547c9a47f4f62db177c265c289c98a029bb8114b3fa4bca4f1fUbuntu Security Notice 5941-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
535271c1ae7b7bcb16adbc05fc82419f67a3f4ba4c0899e15d7b181c03349e95Ubuntu Security Notice 5940-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
2d4bea0496f1459f3977332b1c41c2155e5e5c4347f8a903f871180fc72ec871Fastly suffers from the poor practice of sending a temporary password in plaintext.
09181b45538cae9f3688cd0f1f65f20913277a3c96827c11f9df3ad8004ab8bcShopify suffers from a cross site scripting vulnerability.
dcca389f2f44bc6e6960d4aefe61cbb9c3906a55351986f2a658754795ce9f62
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed