Ubuntu Security Notice 6509-2 - USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. It was discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. It was discovered that Firefox did not properly manage ownership in ReadableByteStreams. An attacker could potentially exploit this issue to cause a denial of service. It was discovered that Firefox did not properly manage copy operations when using the Selection API in X11. An attacker could potentially exploit this issue to obtain sensitive information. Rachmat Abdul Rokhim discovered that Firefox incorrectly handled parsing of relative URLs starting with "///". An attacker could potentially exploit this issue to cause a denial of service.
ad83f1762f0c9b91d83173c5919f250795adb5f0c74dd9b083106a33e56ea5bf
PHPJabbers Car Rental version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.
88613e2e49fa83781333027bf741fc0382e56bffb3e5b621cf78a84757587689
PHPJabbers Car Rental version 3.0 suffers from a CSV injection vulnerability.
76d5aaed8fb6f55066b5e1736817c5e918c51cfd401081fba181ad61f4ba7327
R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.
957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54d
PHPJabbers Car Rental version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
1e25466f2392b79cadc7889f8e530e0d2c5c8b2ee6f9c3217853e9ae88e4758b
PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
f1dfb0019c57abd3c9019650a3666922144cd5fc0bd2146660251fb2bbdc05e1
Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.
2165f4c4088cccb2ffaafd3edfa36139e6ace90f396a6bfcbb446462f67e2115
Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.
7957822e1b93b14f04419323dbc94e28eb76fa05e363e9d72f263770555fc295
PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
6cecb49be3b4173f435cb87183129cce9d33ac6ef6f5040530cfde4c84ed1ffb
PHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability.
c937c34f8c7bdd3e156a5b73f2fa9b7e49ce5e0b41400346a7073e8ca4695178
PHPJabbers Time Slots Booking Calendar version 4.0 suffers from multiple persistent cross site scripting vulnerabilities.
e6b45e3f61a13423e59c968e1a0aa93d94b7096aa974eb58f208e7e877969979
PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an HTML injection vulnerability.
ab9a0351616ce7e96456782c9f900796587b91b053d7a4d36f897369ad715f8d
Debian Linux Security Advisory 5570-1 - It was discovered that libnghttp2, a library implementing the HTTP/2 protocol, handled request cancellation incorrectly. This could result in denial of service.
a361a8b094e0e37ca2ea5d4f587944cad91928be895d0bc0f7d06332bb7e2d37
PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a CSV injection vulnerability.
4fb447ace847ed92d1335bf5393fd4452d32619a1048058570afa0d0a556480d
PHPJabbers Availability Booking Calendar version 5.0 suffers from an HTML injection vulnerability.
cd7b4eb6699c80aff2719ca9cc48facc7cb17ddb8fb173467674ec46d022b537
WordPress Phlox-Pro theme version 5.14.0 suffers from a cross site scripting vulnerability.
7618323972c79291341b4369586c35cb74a9b86756872ae676d30d86b9e86120
BoidCMS version 2.0.1 suffers from multiple persistent cross site scripting vulnerabilities.
dcaa9c9935f541f7f50b855e1e4653e9ae4d96b76cb68c5ebd751eabf88d14a3
GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability.
d32a123df3242fd37fdc4dbf8ce84ed24bef9916821cba9ffa99148bfc157e28
ARM Mali r44p0 suffers from a use-after-free vulnerability caused by freeing a waitqueue that still has elements on it.
4fea6948aa6c6c134d3f0e82d4d907da692a000feadff0b07880f486048867a4
This archive contains all of the 49 exploits added to Packet Storm in November, 2023.
4561d62960af2b314e517143d1dd7755f08be850b2ef73095e45ff6f8970e680
Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d5d2209b119ae9264996f7c9c9bb3d93c4f147ce270625707943898e702df953
Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.
fbd3eb9a6b1fa373e2b967ebba1f3a131fa434d38572c561c6273ce2e1c0683a
Ubuntu Security Notice 6502-4 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
80e570dc8559f7c743948b2659e5b45954e4ef183051320784503ce69438e9e4
Ubuntu Security Notice 6496-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
ff4c804427ae5e3ed0edbacaa2797fb161dd9c5e4ae66c5b2f114beebd29332d
Ubuntu Security Notice 6495-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
84d6c0fba7b7ce39226621eb2ae128d51c090c81cff449f8466be7ea9785245c