Intel Rapid Storage Technology User Interface and Driver version 15.9.0.1015 suffers from a dll hijacking vulnerability.
6e7d0ae7e36d2519f2a95dd01eee53eeefd5b81452a1fdfc32e7ec88cc304a15Budabot versions 0.6 through 4.0 suffer from a denial of service vulnerability.
a8620cfd1ed239f5a681eebba7f54e300e332b8a58ce2704698bd1ea6a629401Easy Outlook Express Recovery version 2.0 suffers from a denial of service vulnerability.
82cb3c42702d61ce3a30a798b37e6224448fb4750089b14e6c59554868298e79Ubuntu Security Notice 3824-1 - It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. Artem Smotrakov discovered that the HTTP client redirection handler implementation in OpenJDK did not clear potentially sensitive information in HTTP headers when following redirections to different hosts. An attacker could use this to expose sensitive information. Various other issues were also addressed.
6c5ea49388e7e87aca6197cfe70cc7c9a28214d75613f18a1201e869b8704850Mumsoft Easy Software version 2.0 suffers from a denial of service vulnerability.
2e6d3fa3ab3980ef650c389842587c04d50e541be8b89b6d86e5946e4b8c0473DomainMOD versions 4.09.03 through 4.11.01 suffer from a cross site scripting vulnerability.
4ac91c382335e4c719ecad12b7fb1d13f9831451a63236bd492da8666dd9934eHelpdezk version 1.1.1 suffers from a remote shell upload vulnerability.
4d7c2b7a7f9e0b66c40c6a479ca4b064ccdc419315c37b7f8039d533b556f8f8Warranty Tracking System version 11.06.3 suffers from a remote SQL injection vulnerability.
6b9d0c36e2b44c903b7a8825cda38efc3260a46b672d47f89e379535595683f1It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). Various other issues were also addressed.
fbe29704c99306a1bca47b078a9a33c2572ec3b421ae2b3cfb6ccde48d2a5412The Everus.org Android application version 1.0.9 has a fundamental design flaw where the client can send a random phone number during the second factor flow with an arbitrary existing user id and the server send the attacker the one time password for the other user.
e46c0f54b8cf03d1272fe5737ef712ce4a51f293453a2cc14d9e32c21776b79eLinux has a broken uid/gid mapping for nested user namespaces with greater than 5 ranges.
53da54afe1913539df473ff36059802468d06980a436040ba7120c6c26f62627
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed