Ubuntu Security Notice 6152-1 - It was discovered that the NFS client's access cache implementation in the Linux kernel caused a severe NFS performance degradation in certain conditions. This update makes the NFS file-access stale cache behavior optional.
f29e08acd5a8d043053bf1ca1fd5b120469c790ed3ba354188b09ac18d444315
Debian Linux Security Advisory 5422-1 - It was discovered that jupyter-core, the core common functionality for Jupyter projects, could execute arbitrary code in the current working directory while loading configuration files.
92eaa0f716424786088307c5dd09a5fb7aefcc253fdf38062cc30c975685ec44
Movierocket version 1.0 suffers from a cross site scripting vulnerability.
9b56e1ebfbab5aa2b3472302d211417cb3c8fdc46262e889e176a7a130f49cac
Thruk Monitoring Web Interface versions 3.06 and below are affected by a path traversal vulnerability.
b4db7b0fe0d3f7cabe246d072619352071a834464862d00a3003434084b02e8c
tenshi is a log monitoring program, designed to watch one or more log files for lines matching user-defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to them, or to send periodic reports.
84ceedb32498ce8cbef6b7cb6863a15a5c8fc6187a22afd0c089497a2faecc12
This Metasploit module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange (IKE) packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP (Firmware version 4.60 to 5.35 inclusive), USG FLEX (Firmware version 4.60 to 5.35 inclusive), VPN (Firmware version 4.60 to 5.35 inclusive), and ZyWALL/USG (Firmware version 4.60 to 4.73 inclusive). The affected devices are vulnerable in a default configuration and command execution is with root privileges.
3332119f6d5058915a969972306dbb9e73aceea251afd2cffb7a4ddeec5a1966
Red Hat Security Advisory 2023-3555-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
986b19755c9519289e701d3940a4f30719db77ebad4d8b10af4f5d0c79d5c1a7
Codemonkey Multi Vendor Digital Product Mart version 1.0 suffers from a cross site scripting vulnerability.
0d1b5470ca6ad2fd38eefa0be2588a11e21fb07be56d2342b8d8fc349e8dc666
Scriptio version 1.4 suffers from a cross site scripting vulnerability.
356014774e8bf4e773c3e2a84d9320353c24c7f5e796128d071ff8ec2bc7cc8b
Ubuntu Security Notice 6151-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
5bff6da330dc165184cee9192c1fd401081ecceea14b6b785e7310528e1bba3c
EasyAnswer version 1.0.1 suffers from a cross site scripting vulnerability.
849e2953f9daeeb1ace2ae74e7f38875d456396a8e336dcd1ce41dca5d51b8f2
Red Hat Security Advisory 2023-3556-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
06d50d58e7c8755c8119b15c2f4a8c8bdc06eeef5fe36e1b399f00931443d2a3
P2S CMS version 0.1 suffers from a cross site scripting vulnerability.
7bb6a5d8c0fb7077e0992b71833738c252f38ebb48abe398cde8f60022fba24c
Ubuntu Security Notice 6150-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
0acc6c7ad8dc0c5988138958ce21ae152b6621c4db1e8782277792c96cbaf6b5
MVC Shop version 0.5 suffers from a directory traversal vulnerability.
dc7f3b643d2fd9d01a507a4358afeee77fe7bdfb40e966c9d0c8f00fcdcd7866
PHP Live version 3.1 suffers from a cross site scripting vulnerability.
5afa26f53c21f0ac7a1f9a3408b7c32f583820f9a9ce76c738aacdbe5026646e
Ubuntu Security Notice 6149-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
7519c27c454f92e04cb3775884c6e172222ac7d28f01614d4c927139473c0e92
Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.
42a060ff82cd1846f13603b5df42ab433514a56f42b104907918548c7a47ce86
Ubuntu Security Notice 6147-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
5c6b6b7dc4dc6a16e2e912d60d869f15f102d2dc555b8c4d1e9010abdc65165f
Kesion CMS X version 2.0 suffers from an unauthenticated add administrator vulnerability.
de0b37cd4485d86b801c27d7ced154e311d1fc425567511f3834306f7bec9321