This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.*. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server user.
3d8e50d9f7626533b7df0f51d965d0f800628210479cd9fb5dd93a7e5ade89f2
A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows an local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID permission to execute code in the context of the root user. This Metasploit module targets glibc packaged on Ubuntu and Debian. Fedora 37 and 38 and other distributions of linux also come packaged with versions of glibc vulnerable to CVE-2023-4911 however this module does not target them.
e48ab23fe12076a6f076606de74abf4141a72444bfb88e5c9ea8bf73a3f2b891
Debian Linux Security Advisory 5581-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or clickjacking.
8e9ebae0bccbe4842bf36efe2bc7e6db305fad064c670f91a6bc7f76d2742daa
Red Hat Security Advisory 2023-7886-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
24a0fece622c18fe7a44ca53d8f618e921d20db98bcef9b842304f150874e048
Red Hat Security Advisory 2023-7885-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
6a8d45290a1026c18b076c098659a061e49cef14545a2f513022e5cfaae97ab9
Red Hat Security Advisory 2023-7884-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
71d7661c625a0dc790f1aed4426234a1d2b63827de983c2b9ca8dfb682327b67
Red Hat Security Advisory 2023-7883-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
27f6e6d3f72873d3d1a97bdf0df810ec30ccd140e3202bd97649ec9340236739
Red Hat Security Advisory 2023-7612-03 - A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. Issues addressed include a denial of service vulnerability.
500ebe066ed78afa187f9efd9f9964ae5f197e88455665dae02f13ac35b79b40
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c