Debian Linux Security Advisory 5475-1 - Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers. This mitigation requires updated CPU microcode provided in the intel-microcode package. Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered INCEPTION, also known as Speculative Return Stack Overflow (SRSO), a transient execution attack that leaks arbitrary data on all AMD Zen CPUs. An attacker can mis-train the CPU BTB to predict non-architectural CALL instructions in kernel space and use this to control the speculative target of a subsequent kernel RET, potentially leading to information disclosure via a speculative side-channel.
95ac8bf618237ec9a9702db5e01782fb41ac590afd3c1d06d81109f4cc731eebDebian Linux Security Advisory 5474-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities.
4a22e3b631a399258cd26d74fcd8d2415119e5dababff03ad6715692ca4596f2Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.
bbe5ad0ccef22ad3d5b80f2a669f69b1767e2bc58e7c496afd4da28a17cdf5c5Ubuntu Security Notice 6277-2 - USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.
55b650e84007cb533cc2bd901cb3161d898f7f8ae6c2010791e5bc8b83edcd28Ubuntu Security Notice 6282-1 - Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
f5d8dcd9b2dd7d1004589d8aff05de5a8c1772762dcd3a85a846a7c637cfc409TP-Link Archer AX21 suffers from an unauthenticated remote command injection vulnerability.
3a9629d61be6e575bf18f1cc2f133b5c87c5e0b5ced016b0eb855848bbf529bbsystemd version 246 suffers from a local root privilege escalation vulnerability.
5c18cab732f4f9e274da14d6344836a1cdf72bc01779fa89312ba4b4814d364bMaltrail version 0.53 suffers from an unauthenticated remote code execution vulnerability.
70b042d50fdc203d8e1986d293b79d29dfbe257b66f324c957458fd97107fff0Request-Baskets version 1.2.1 suffers from a server-side request forgery vulnerability.
f32cbf78ec0368d17fe9a3fa63a3bcf777dff16a82a61c9159b7c34f9fef48d4OutSystems Service Studio version 11.53.30 suffers from a dll hijacking vulnerability.
a77f3edb50d1e6d881a2ff4679d75b1fbc5bc424de1e7da54048c4da8ca7768ai2soft CMS version 2.0 suffers from an insecure direct object reference vulnerability.
48afd0aeeb59726c12ef1abae5cfcc2036e6d2681d0c5fd0d8cd571736fdbaafhelloGTX Travel Portal CRM version 1.6 suffers from an insecure direct object reference vulnerability.
fa186723eec9812586e497af961b4b5be1cd14d98077f993c3b0b8368f6e71ebFlatApp Premium Admin Dashboard version 1.0 suffers from a remote SQL injection vulnerability.
deec843c62adc12e90ea257c3f06b78dcaa25e7c790383dfc05d81a866cdc246Greeva version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b35f41c4c4a5fde37a02896ee6ff4bdc5b0b9febbb72dbac07c93be400a6311dEasy Web Portal version 2.1.1 suffers from a cross site scripting vulnerability.
6397c61d970ef88574da63ee2eb42632064a20d598a4b4b3b620f6129c055f26Easy Password Manager version 1.1 suffers from an administrative information disclosure vulnerability.
2687e8a418f8f4fc898b49f86c9caa7c95533498c6bc19add0698de463a19d32Easy Member Pro version 3.0 suffers from an insecure direct object reference vulnerability.
8809a4b95b16a4f5fbf87146e060d190e12ef0c9e56b7c8e91573e4612644856DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.
f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed