Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
4af31b963bddcf331a7037ea35c40e4fbfd445f815d8756856219abad1f16c71Ubuntu Security Notice 5046-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
911bcc859f7a0c9a9d1bae83c2f53e3ca1b9840869a5229252148bb51ba89399Simple Image Gallery version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
b65b3e6fecc3f9f54f070d6f79325e11c357276ad648cc23b89cc1de348c8b50Ubuntu Security Notice 5045-1 - Norbert Slusarek discovered that the CAN broadcast manger protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
bde5f3bf782e59c0ed151fd7c46c5d2258f7fcd96669a1026e3e26aff417fae1Red Hat Security Advisory 2021-3207-01 - This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
45c967c8a201b1f39d4acd990e209ab0096988439ff4cec5216e3227f4f3dc4bCrossfire Server version 1.0 SetUp() remote buffer overflow exploit.
5fd5d08654c96dce896141305b739eecc4b96a438ff4c8fe04bcea3f1d164cfcRed Hat Security Advisory 2021-3205-01 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
2c0be2bf30994c0e78e9f0282ebe4ea1c42cf7bd92b633df388b40a2dc8c649cUbuntu Security Notice 5044-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4c707db347e5e85dd8a2e478b9d34805f370899a49b0eb92b09d5abeb6293712Crime Records Management System version 1.0 suffers from a remote SQL injection vulnerability.
aab3ec0698141d1863877cdc50d2978c56680677d5a902d7f0a76e715b07fdd6Hospital Management System created by kishan0725 suffers from a persistent cross site scripting vulnerability.
fba4631f14e90d73450defe4cb343ab885a20f7605579117cd8b3616832a11e4Ubuntu Security Notice 5043-1 - It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Various other issues were also addressed.
3ac5d046dc916ad450b4a05daee42e21ff86c2bfbdef34c36a1944a33ecff6a2COVID-19 Testing Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke in May of 2021.
4695735f83547741a3f18518c8125d1cef31a63355faaf9bf5a07a8dcf639bf2Ubuntu Security Notice 5042-1 - It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions.
94f2382720f2438c1b7b3b9cfbfd4ec38d7056358dc4406a6cd5f058990a3ebd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed