RWS WorldServer versions 11.7.3 and below suffer from a session token enumeration vulnerability.
3809eddfb426d1ed940f1b902726114b7c7322dfe9d241fc6e98fd22830832caUbuntu Security Notice 6237-1 - Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service.
51f46d8ba4e11574eb483e508710565644dc207c352aed8e601c8ec28e6a4ba4Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This Metasploit module will use the vulnerability to create a new admin user that will be used to upload a Openfire management plugin weaponized with a java native payload that triggers remote code execution. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the first version on the 4.8 branch, which is version 4.8.0.
88a0702601cff01264e02916f842525d503acf8b450db38e6b24d4a2d9099b89PaulPrinting CMS suffers from persistent cross site scripting vulnerabilities.
0b9b7ad7b52dff7dadc73e6b15ebce81609bbccc522be48093c9fc76d4869227Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.
3bcde00c10f50e0c04e8bb156e955aa18c0b0fde3d60fb4c86dca74a55ed295eShowMojo MojoBox Digital Lockbox with firmware versions prior to 1.4 are vulnerable to authentication bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks.
c8d01ab621c05b5cf222dd8cb734378695bdd49996ea9fd01e1440dcdf9d4afcAures Booking and POS Terminal suffers from a local privilege escalation vulnerability.
65dcbce0dd25b1ee5a8f8ed1f420757b81a899961e2fd8df51f43e586fd4d3f1This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
f3894c0008a42ac92888785f910724c4ae5b50e31e7b89bdf6b252564b1bdb6fWebile version 1.0.1 suffers from multiple cross site scripting vulnerabilities.
9f5ef29f2e536ba47a2d55d09865dd5fd682e893f3576420ebd9b11e81f44a03Dooblou WiFi File Explorer version 1.13.3 suffers from multiple cross site scripting vulnerabilities.
fc057810667f574cf1a766dc21c16490b2720f260231453db7f897daf835beddRed Hat Security Advisory 2023-4204-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.
e28b9f4d75c6a5705f4b1069ef08aac3955a1d0c7eb2e93e2d4ebfbb62fbc557PaulPrinting CMS suffers from a cross site scripting vulnerability.
1476838dfeb8caf84a49a3c37d8d86599c7d06983852e43569841ef23d18583aRed Hat Security Advisory 2023-4201-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
a7d7554b6d74914a196337b5c2553010ed7ed00bbfd369756b272b6f2aa01588Tiva Events Calender version 1.4 suffers from a persistent cross site scripting vulnerability.
ff6d43136930eb7be361f52eebe6e20e440999b2b18d5e0ec023055d03babdcdActive Super Shop CMS version 2.5 suffers from an html injection vulnerability.
c721b298b72ab93ba44d36855084d2b6d6fc5a1941dd49801fe8154a10186b28Red Hat Security Advisory 2023-4202-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
f83c9132ee29579547e8f9c92f9007ae3c552152caee5d0e4d8338bfb5ae1760Boom CMS version 8.0.7 suffers from a cross site scripting vulnerability.
946b502817cdfae4ddafbe5d6ea5c8846de4a8be41c8ba1e4f42c00f6ea8bdedMicrosoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked on in a Word file.
7b4fc08e37b6434887181c5603d0fcdb5ef2c0caef143f547da4b1a8d70b9799Red Hat Security Advisory 2023-4200-01 - A new release for Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 including security updates is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
bc405a6019830ee64b8cccb664b61b110b2fc08ca6c32796b1b791ffae0bb212The call for papers for Hardwear.io 2023 in the Netherlands is now open. It will take place November 2nd through the 3rd, 2023 at the Marriott Hotel, The Hague, Netherlands.
ec87fd1f62c43c5094a8b7edcbb92181ee748aea83102c2abf02a405cf32899bUbuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service.
dc76af79630bbfeaaf462528d36963309713ef6633d5dd1d737257cd112afad5Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.
f104b1e9de39e7d0bb70da284aab85d83380acd95357f1cdeaf43197d30dc724Ciuis CRM version 1.0.7 suffers from an add administrator vulnerability.
2b286a02c597cbb32afc9266045e6da8b1c71e5dbceb7655aed5c7f1b146456eRed Hat Security Advisory 2023-4203-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
46c15e24854b58d292795c5f401e74c5dda9a33b793f95b1a91fc41e5a0d1e7b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed