Ubuntu Security Notice 6922-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Chenyuan Yang discovered that the Unsorted Block Images flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service.
71b8947d41c138f27d222eb7302e5df7fb65a49f364bca58542817fdfba1fd3fUbuntu Security Notice 6936-1 - It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code.
915864c106ba1f20dec42a0e6d56fbfeba7b088c4b12b3f58c4bd561ac9b887bUbuntu Security Notice 6941-1 - It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private†or “globally reachableâ€. This could possibly result in applications applying incorrect security policies.
111b39ad42a74b48cc3d8cc88aad37bf6346b3ce048406d371b36951d2b5be53Debian Linux Security Advisory 5735-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
e94d095795272c99417722eadeff327261063340ffbc4e8f2255b1e625e40418Ubuntu Security Notice 6913-2 - USN-6913-1 fixed CVE-2022-39369 for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update provides the corresponding fix for Ubuntu 16.04 LTS. Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service.
3e0766c6da89db4391b9bcbf28e4bb0c96afac677b2a0f597431e1d2dba6bd3fUbuntu Security Notice 6939-1 - Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this issue to bypass a MIME filename extension-blocking protection mechanism and possibly deliver executable attachments to the mailboxes of end users.
582b87650e7c0b3fca6b658c3b550c8444aa2cb4f55af6f2d339070de3ef0ea8Ubuntu Security Notice 6938-1 - It was discovered that the device input subsystem in the Linux kernel did not properly handle the case when an event code falls outside of a bitmap. A local attacker could use this to cause a denial of service. 黄æ€èª discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
2b1fe74bf4e050be2f9b24272b13e4eb597cb8e2474c9e01998d2ad12881b722Ubuntu Security Notice 6933-1 - It was discovered that ClickHouse incorrectly handled memory, leading to a heap out-of-bounds data read. An attacker could possibly use this issue to cause a denial of service, or leak sensitive information. It was discovered that ClickHouse incorrectly handled memory, leading to a heap-based buffer overflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
ccfe407715734a4d016346c0155bfaf7c8607967f3341f35c2c849c7495f9708Ubuntu Security Notice 6940-1 - Neil McPhail discovered that snapd did not properly restrict writes to the $HOME/bin path in the AppArmor profile for snaps using the home plug. An attacker who could convince a user to install a malicious snap could use this vulnerability to escape the snap sandbox. Zeyad Gouda discovered that snapd failed to properly check the file type when extracting a snap. An attacker who could convince a user to install a malicious snap containing non-regular files could then cause snapd to block indefinitely while trying to read from such files and cause a denial of service.
d46a3d5659640594182e17d14d86733ba31ca994bad3f8adcff0d5cc7890641eUbuntu Security Notice 6935-1 - It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if the UI has been explicitly activated.
d6a3e9b8116e5acb3f21e8db8eb4e45a535778840bf52a4900f350e173e8c4c9Availability Calendar version 5.0 suffers from an insecure direct object reference vulnerability.
f578b8d06b3a05f3915cca33ba682b92422bbfbe50ca861b7600dd13c13e96d3Oracle Database version 12c Release 1 suffers from an unquoted service path vulnerability.
b533a6971c60825de82d389c12a9f9c428be95357e896be93153bc99b173708dUbuntu Security Notice 6937-1 - It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when certain non-default TLS server configurations were in use. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. It was discovered that OpenSSL incorrectly handled checking excessively long DSA keys or parameters. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
c8595adc7fa4495060ec748b444e17442f4a82570c3c5f9b77fbc6213de8ea38SolarWinds Kiwi Syslog Server version 9.6.7.1 suffers from an unquoted service path vulnerability.
a6695a2298c39a962908bd59b373f1dea4e1b7e5417c6aeafd0f53e6d6a3d15fBabaji E-Commerce version 1.0 suffers from an ignored default credential vulnerability.
4d3b970b186a001d12a015789a514704d54bdf1bf48563c6aabfcf1cfd811928
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed