Ubuntu Security Notice 6005-2 - USN-6005-1 fixed vulnerabilities in Sudo. This update provides the corresponding updates for Ubuntu 16.04 LTS. Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed.
74fc9208943e3a32ca93a64030fef69aee6cea018ebef0b7092877920e7625edUbuntu Security Notice 6110-1 - It was discovered that Jhead did not properly handle certain crafted Canon images when processing them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. It was discovered that Jhead did not properly handle certain crafted images when printing Canon-specific information. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. It was discovered that Jhead did not properly handle certain crafted images when removing unknown sections. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service.
80d98d0254469a1b51c8abd253d4b4b966ea15e367a3f13db88f0323aeab0bb8Ubuntu Security Notice 6097-1 - It was discovered that Linux PTP did not properly perform a length check when forwarding a PTP message between ports. A remote attacker could possibly use this issue to access sensitive information, execute arbitrary code, or cause a denial of service.
3d7edb5a58eec77633a82d5c64512fbce172738d389e141a849d6ff7a072fbb8Debian Linux Security Advisory 5415-1 - Two security issues were discovered in LibreOffice, which could potentially result in the execution of arbitrary code when loading a malformed spreadsheet document or unacknowledged loading of linked documents within a floating frame.
b27b03556ced9e9e09210b77f8b2ed4a4c103405a522b1cd9b043b091bc1cadaDebian Linux Security Advisory 5412-1 - Several vulnerabilities were discovered in libraw, a library for reading RAW files obtained from digital photo cameras, which may result in denial of service or the execution of arbitrary code if specially crafted files are processed.
b0104fc127d3c8bfcb4c5e52e2e58cfda45af83b1d343bb53c15510a397156a2Debian Linux Security Advisory 5414-1 - Jose Gomez discovered that the Catalog API endpoint in the Docker registry implementation did not sufficiently enforce limits, which could result in denial of service.
9c8e08284137c6665e70202298f98f7ebf0978306e6991e1a98ae9ff2ff01552New MVC Shop version 1.0 suffers from remote SQL injection and missing attribute vulnerabilities.
c1b40aec9eb372ff9cd5a4cff29271a8df8d3fedfc4274f9e046058eaa80e539Simple Customer Relationship Management CRM 2023 version 1.0 suffers from a remote SQL injection vulnerability.
285e8f6ae7ee9b90299b635cefdb4e7b115a2a1bf605db59f2801bc204f4e67eIt appears that sites designed by e-Biz Technocrats Pvt.Ltd suffer from a remote SQL injection vulnerability. As they do not provide any sort of versioning with their offerings, the researcher was unable to provide affected versions. Versions as of May 11, 2023 were affected.
92cf79073e5009f343666e2a43e0a350c61dd730a3d354ea6bc3bd1d42f1ee8dJobs Portal version 3.6 appears to leave default credentials installed after installation.
f267635edf702421f090f420167604e54f42579ebdd5e8887bf5d9cdfbef0879Camaleon CMS version 2.7.0 suffers from a server-side template injection vulnerability.
34f7d878b820c06a0c255c7ff0a016c2722c19698a3424d8da2d5754b3b6daa1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed