SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.
15ddc40a5043fe4407a10fa673fb39fdb12a08b717f9167e70ad626fbe024350Ubuntu Security Notice 6010-2 - USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks. Lukas Bernhard discovered that Firefox did not properly manage memory when doing Garbage Collector compaction. An attacker could potentially exploits this issue to cause a denial of service. Zx from qriousec discovered that Firefox did not properly validate the address to free a pointer provided to the memory manager. An attacker could potentially exploits this issue to cause a denial of service. Alexis aka zoracon discovered that Firefox did not properly validate the URI received by the WebExtension during a load request. An attacker could potentially exploits this to obtain sensitive information. Trung Pham discovered that Firefox did not properly validate the filename directive in the Content-Disposition header. An attacker could possibly exploit this to perform reflected file download attacks potentially tricking users to install malware. Ameen Basha M K discovered that Firefox did not properly validate downloads of files ending in .desktop. An attacker could potentially exploits this issue to execute arbitrary code.
91b321d6bb292302d0902231bbb90982f43608fbd09b88542bb4eb7885242ffaRed Hat Security Advisory 2023-1823-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
e8f44fb74ddd743b498dc4da96280d03329e94dfb3b869f04aa7e6b2edb4a7d3Red Hat Security Advisory 2023-1809-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
dfe257d75c056b521684f9f2b2d3a47d7cc40698d11a3cd0008d1233199aee09SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.
1d4cd9e39a6938ba5bad5e9bd158f7895198cb30170e4a59be88883cdba0cd69Red Hat Security Advisory 2023-1815-01 - Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Issues addressed include an information leakage vulnerability.
2eff8844a7d75ec8ab0b319a1d489a5238ea00dcd5e05f7637dfd0a486367298Red Hat Security Advisory 2023-1810-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
81ff7852b2ea95f1a40ee70d5d74d1e16790b2a800fa21a3f41fc9c3cd1d1a77This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10, below 4.1.18 and below 4.2.1.
da36b42d35a291178bebac45397335e931352a6a022f64275dfb7fc469079f1fRed Hat Security Advisory 2023-1802-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
538f023917a5eb6868e1045cee7e0be11d7bda3fa07d93aa038d30422a8a8e2bRed Hat Security Advisory 2023-1811-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
9cb37a900ff1cfc9423cb4a8ad2c9324f0a00bb12a53f5e29650ae6816d801f4This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication mechanism and execute any operation. The second vulnerability, CVE-2022-22957, is a JDBC injection remote code execution vulnerability specifically in the DBConnectionCheckController class's dbCheck method which allows an attacker to deserialize arbitrary Java objects which can allow for remote code execution.
7c29d90e3f3e9d482ff4bcd4e44dc3c7f3847da9e1f2f563dc1812dc6362bcd4Red Hat Security Advisory 2023-1804-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
01a2a96c3e0e8201e6334f23dce9c534e30ab319bb471b3431fd6e2a2f81d955Red Hat Security Advisory 2023-1803-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
ea6d658d9101df85c0af033c0333d2761b6794fbd21adf9254e0165d5f27593dWordPress Weaver Xtreme theme versions 5.0.7 and below and Weaver Show Posts plugin versions 1.6 and below suffer from a persistent cross site scripting vulnerability.
b0172ec77c6215204d9915dd71ebcb20dcc8714211ffcb31f41fff852f6ba6fdRed Hat Security Advisory 2023-1806-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
048779c73b2a45ea1802c3a92b25e01ce1f3c46d68f08c26ec67d3987d95fa96Red Hat Security Advisory 2023-1805-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Issues addressed include double free and file download vulnerabilities.
0399db37c143a0249e18af01f7d4eb3b0ab31384dc02e04cbb6816a10a3c58a6CentOS Stream 9 has a missing kernel security fix for a tun double-free amongst other missing fixes. Included is a local root exploit to demonstrate the issue.
ff7d7021860395c29340e572b9c37574d2458d361ce7c71f08cc837f0834b69e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed