Ubuntu Security Notice 6656-2 - USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.
f45b11c7e2648a6365c7c0c4a04b1f4fe6c6106dd3b6d76e794be3a2d298a00a
Ubuntu Security Notice 6689-1 - It was discovered that Rack incorrectly parsed some headers. An attacker could possibly use this issue to cause a denial of service.
181f1f7f4d6954f69249e0e6a3f58ba172952686bbf375b6655f6255942c39b3
Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.
c48aa2b70b96e75c736131cbd6e784fb35739c48c114c1dc28b66d826cb192ed
Ubuntu Security Notice 6688-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero-length data requests, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.
14e46adfe602e3381472cca2694960e60b4f66b2adf1e14c5cefabbd3a423e8c
Ubuntu Security Notice 6681-2 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.
497cdba15e2474c05f61de47875a39a3f760923ca11ee79f7167211274bac41c
Ubuntu Security Notice 6658-2 - USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
2a750c69f6b035fa2c99f3825916f5c17d092b9f9cd726a59615137e53c334da
NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning JavaScript payload in the logs web page. This cross-site scripting payload can be leveraged to execute commands on NorthStar C2 agents.
e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1
Red Hat Security Advisory 2024-1270-03 - An update for docker is now available for Red Hat Enterprise Linux 7 Extras.
2036f840f1181bee598bcb0a04303156535c327e7791c9fce8936c9985014048
Red Hat Security Advisory 2024-1269-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
0dca2b95d83f2e06fcd70d43d60fe031ceb4425e7cba49254273efdce77b6b5f
Red Hat Security Advisory 2024-1268-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
a345f643b8091f2ef476dc55be42211ec4686a71622f968e79555da9a6b7b6f0
Red Hat Security Advisory 2024-1253-03 - An update for kpatch-patch-5_14_0-70_64_1, kpatch-patch-5_14_0-70_70_1, kpatch-patch-5_14_0-70_75_1, kpatch-patch-5_14_0-70_80_1, and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include privilege escalation and use-after-free vulnerabilities.
617ece46c41b05791b1be764d0835032147659b14ce52b66d5869faff9182db3
Red Hat Security Advisory 2024-1251-03 - An update for kpatch-patch-5_14_0-362_13_1, kpatch-patch-5_14_0-362_18_1, and kpatch-patch-5_14_0-362_8_1 is now available for Red Hat Enterprise Linux 9.
33eaeaf4d2ff76f66df7e43e1e9f8e3ffe605cce7bfa0653ec87d936fc17be23
Red Hat Security Advisory 2024-1250-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include memory exhaustion, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
1a8fb1156681ea9fffde120cc80c4918fc32db13b323665272dc5e45827f8bb9
Red Hat Security Advisory 2024-1249-03 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
9a00ee476e03d2f43da0c6966b2d73fa610f76843974de7d3d16950948e41e11
Red Hat Security Advisory 2024-1248-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
e8cee96a94ad07c9429b0bfe0fc3b41b26d6aecb31ef509f3a03f7021e1d0f40
Red Hat Security Advisory 2024-1244-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.
479c61ab5118a47bf1cdbb9dcdebb20f54468e590079986493f3ddab93629463
Red Hat Security Advisory 2024-1241-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
81d2e122dc4f561137a9b81b946b42b852b49443e32cf555393ddaa2ef23712c
Red Hat Security Advisory 2024-1240-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
6b964382136a6cad5b64f9d306d6ae21eafe4cae72e58a1b42de308fd2dea2d7
Human Resource Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Abdulhakim Oner in March of 2023.
fe2afefb91ff4eaa074c0f4b68fb13bdd541d5861e3a3b9d46706cb51d0cc9e0