Debian Linux Security Advisory 4899-2 - The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM for OpenJDK 11 with enhanced class redefinition, has been updated for compatibility with OpenJDK 11.0.11.
f70ba620a0f91af5f16feb81d31fee9120de509e3d414a516cbeb63fb061c53cDebian Linux Security Advisory 4909-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
cc2264904e48cc7cf43a7849bdc0b950295b34a952297af0c847735cf51a4c53Debian Linux Security Advisory 4910-1 - A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.
3419aba9a6fab049b77f3b1d22f66ca6cb8054769858407b273adc18f878b239Debian Linux Security Advisory 4911-1 - Several vulnerabilities have been discovered in the chromium web browser.
9deddc747716a9eff5ebd513469e72f12768fb8e205c29e0ae517708389745cbDebian Linux Security Advisory 4912-1 - The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.
986ef7b5faca7b5ab9eda7cfc9036602582d7c35963a2717cb60fd735a20e638Debian Linux Security Advisory 4913-1 - Jemery Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files.
d5975d6183305aa7875bda6e752956e293def2561c07d0ff9a6e81105723d04cDebian Linux Security Advisory 4914-1 - A buffer overflow was discovered in Graphviz, which could potentially result in the execution of arbitrary code when processing a malformed file.
5e62c3aecd9f57c1900b6a2895922bf1fbc5c8e2c7146e715c7a80bbfdd3ed22Debian Linux Security Advisory 4915-1 - Multiple security issues have been discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content.
749e89fc19223613bc0b6d01019d6a1ee0542a88c8aab17b2b1997127d5c70d6Debian Linux Security Advisory 4916-1 - Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure.
cb46dc40512c3421c85d51fd617a841d7e020b87c87e4b6e511a33c6a0457ddaDebian Linux Security Advisory 4916-2 - The update for prosody released as DSA 4916-1 introduced a regression in websocket support. Updated prosody packages are now available to correct this issue.
dc006cd45dc6b2832b43551e25922ce746feecf07bca993f55194aa3fa68da82Debian Linux Security Advisory 4917-1 - Several vulnerabilities have been discovered in the chromium web browser.
f6da704e89650adf1400be4cf1e03dfd6ea356481e8c080e1b7405b82d00e77eDebian Linux Security Advisory 4918-1 - Improper pathname handling in ruby-rack-cors, a middleware that makes Rack-based apps CORS compatible, may result in access to private resources.
aad43033fd2d923343981ed3f9f6cf6e629a5e445a969a1991a2feeb576f243cDebian Linux Security Advisory 4919-1 - Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a fast LZ compression algorithm library, resulting in memory corruption.
41bb61b640cc01e826c9c253f58731d34427a40e6f793f86f7d008054e749c91Debian Linux Security Advisory 4920-1 - Roman Fiedler reported that missing length validation in various functions provided by libx11, the X11 client-side library, allow to inject X11 protocol commands on X clients, leading to authentication bypass, denial of service or potentially the execution of arbitrary code.
4394a56178b38b24b98deb1792eadb7d5bae57faddf795c0673c26d8cf9b1b4fDebian Linux Security Advisory 4921-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code.
09f330ad84d8d271d1fb4c1e34cc1a82845cc410ad88e9e1ad526b84cb5e3cecDebian Linux Security Advisory 4922-1 - Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. that during the import of a private Mailman 2 archive the archive was publicly accessible until the import completed.
285e96294fff62bc4ef42f9493107e61acf632573049b66584b40c1760babad2Debian Linux Security Advisory 4923-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
107386cc474594875c7686aa1fdf20fd6c91795fe2bf2fa5c4f38b265efe74eaTrixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
aaabb057afb92bb25d1dc9037d5a6c0fb333f4768b0c90b7a44651f47b7bcfa7Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
fb3bf69481578dad07624872eec1f5d1da61660965e5ddb444e9193956929ed2PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.
0c1ea73a71c985e2370b23c0a29caa04d041fd12d0eccc6de21797149b8536e6Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fa9566f11a9fe7fedfd3308556728e7989e3d35072dac1fff279c3e363c3e755This paper is focused on the various ways in which threat hunting can be performed. It is based on the author's research of semi-automating the entire process by creating a tool based on machine learning and applying analytics.
6af7c1449c75828f7976e682efcd001d246afb3c611194a09d283daac934ebe6QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.
dddda20f7202ce5358af06526c5259d1f75a28b841ba2fcc6fd3fd23682bb880WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross site scripting vulnerability.
20b27b98b2e22747764f7a39e413c4251aa23f2a701c00e2bc61df557d7309b3Selenium version 3.141.59 remote code execution exploit.
31a04d36d587ab0a205023d11f001f9667bf27577d83ddca22b7e833833f61a8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed