Debian Linux Security Advisory 5490-1 - Multiple security vulnerabilities have been discovered in aom, the AV1 Video Codec Library. Buffer overflows, use-after-free and NULL pointer dereferences may cause a denial of service or other unspecified impact if a malformed multimedia file is processed.
8ba33ab80d40dac132d57ded1be8556885c107ca006139f2b381bd0beb235f46This Metasploit module exploits a command injection vulnerability on the SolarView Compact version 6.00 web application via the vulnerable endpoint downloader.php. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running (typically as user contec).
d0437fdd852a45a2f8dcde9836a0c763b4e6b928a9997b6532fb7346909945a8WordPress Newsletter plugin versions 7.8.9 and below suffer from a persistent cross site scripting vulnerability.
1647b2f1a0b7a2c28299cdc2b857ac2b05ca6d2c0eb7932b4732186e526399f9Ubuntu Security Notice 6345-1 - It was discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause a denial of service.
25d2d7854f35a2e1ddb139d09739f6da00e60391d203d01ae41ee980b45abcb5Ubuntu Security Notice 6348-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
21bd7ad16821bcaedade2c6fb31460d77707aeb86f94702a8dbdf11003cb7e00Ubuntu Security Notice 6347-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
659842a89750627e93b06b2c5f9ccce1e7754119391c220f3384990e97e4add3Ubuntu Security Notice 6346-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
e422ea5f7081bc0200e85b80da4c8a9f6df414eaf7dc501f340da0bb9e378a29Ubuntu Security Notice 6344-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.
b07fb1eb36412b00d7edf10557e2e523d0814242a2dfb475128c7625f4e5a6ceThe openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
033889da66178d5ce63d802c6a41cce8bcc08d09ae02e256f365f4daca8a1899Red Hat Security Advisory 2023-4986-01 - The Red Hat OpenShift Distributed Tracing 2.9 container images have been released. Users of Red Hat OpenShift Distributed Tracing 2.8 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues, fix bugs, and include further enhancements. You can find images updated by this advisory in Red Hat Container Catalog. Issues addressed include a denial of service vulnerability.
12d08e8305fdcf37f527a0e72351ae2fa5375af40ae93a1ba83b224d7b2fbc2cWindows still suffers from issues related to the replacement of the system drive letter during impersonation. This can be abused to trick privilege processes to load configuration files and other resources from untrusted locations leading to elevation of privilege.
51212fb8ba211343dbd84b024c9c604426cec77c9b3e2b2de253af6449695b28Ubuntu Security Notice 6343-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code.
7110047976f0ec67dc61de4540495873aa7a04b2a42b9e6129b9fe9d882af93fRed Hat Security Advisory 2023-4898-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.67.
c7cbd44d8d78dd5449c9a6942fe114f8d57b41b4247252575a9e7af95abe33ceOpenCart CMS version 4.0.2.2 suffers from a login brute forcing vulnerability.
b54188eea3b579af367697033d69f13c48b6fe101e916d04c6af3026173005c6Ubuntu Security Notice 6342-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.
11c061734d9794d4249b0df7d3dad9790f54d598352a33e528c8fae23b780348Ubuntu Security Notice 6341-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the IEEE 1394 implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service or possibly execute arbitrary code.
ca34fa3d447279b67b01ba5d2440f9e87fb69131a520e1fce87446a60f8869f2Ubuntu Security Notice 6340-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
81bd54266a02c8d1951f5552a2dce659d1ccd3a9fc39bd072510487c34b3e54eCleaning Business Software version 1.0 suffers from a cross site scripting vulnerability.
c5ea50014b67cc11e0c0b3185751be75d3336bcad1a0a54a1f669095e1ec2589Event Booking Calendar version 4.0 suffers from a cross site scripting vulnerability.
32c73154ac96e99d3a4e6c304cd5e6f09a5a9afcb2892ee40f8a36c71c285475Ubuntu Security Notice 6339-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
491b72b3d8f313572073602181b37b8870c0766ba938f4f836eb334119fd4c46Ubuntu Security Notice 6338-1 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.
2ee8f4f89be7aba20da789b2af9e753495f65e05ad1798b5dda1c97c9e1c8903Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.
b9023400cec5412855af688ab8ee78059b127eabc4f5cf42938b74354d4cde03Firefox version 117 suffers from a file creation denial of service vulnerability.
0d270254e544e127717e08d6202c874bd08cb13e7feeb36cff908777b6a11ecaRed Hat Security Advisory 2023-4980-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a bypass vulnerability.
4d76dd3d9f82fddaf0599bc382e2d6eed14fffb6dfc2c812a8e24bdf5039bc17Cinema Booking System version 1.0 suffers from a cross site scripting vulnerability.
4c518d51c080d46429c43f3ab924e7162e0c7de2c2a4500d99b2db55b3a2682c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed