Ubuntu Security Notice 6509-2 - USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. It discovered that Firefox incorrectly did not properly manage ownership in ReadableByteStreams. An attacker could potentially exploit this issue to cause a denial of service. It discovered that Firefox incorrectly did not properly manage copy operations when using Selection API in X11. An attacker could potentially exploit this issue to obtain sensitive information. Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative URLS starting with "///". An attacker could potentially exploit this issue to cause a denial of service.
ad83f1762f0c9b91d83173c5919f250795adb5f0c74dd9b083106a33e56ea5bfPHPJabbers Car Rental version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.
88613e2e49fa83781333027bf741fc0382e56bffb3e5b621cf78a84757587689PHPJabbers Car Rental version 3.0 suffers from a CSV injection vulnerability.
76d5aaed8fb6f55066b5e1736817c5e918c51cfd401081fba181ad61f4ba7327R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.
957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54dPHPJabbers Car Rental version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
1e25466f2392b79cadc7889f8e530e0d2c5c8b2ee6f9c3217853e9ae88e4758bPHPJabbers Time Slots Booking Calendar version 4.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
f1dfb0019c57abd3c9019650a3666922144cd5fc0bd2146660251fb2bbdc05e1Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.
2165f4c4088cccb2ffaafd3edfa36139e6ace90f396a6bfcbb446462f67e2115Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.
7957822e1b93b14f04419323dbc94e28eb76fa05e363e9d72f263770555fc295PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
6cecb49be3b4173f435cb87183129cce9d33ac6ef6f5040530cfde4c84ed1ffbPHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability.
c937c34f8c7bdd3e156a5b73f2fa9b7e49ce5e0b41400346a7073e8ca4695178PHPJabbers Time Slots Booking Calendar version 4.0 suffers from multiple persistent cross site scripting vulnerabilities.
e6b45e3f61a13423e59c968e1a0aa93d94b7096aa974eb58f208e7e877969979PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an html injection vulnerability.
ab9a0351616ce7e96456782c9f900796587b91b053d7a4d36f897369ad715f8dDebian Linux Security Advisory 5570-1 - It was discovered that libnghttp2, a library implementing the HTTP/2 protocol, handled request cancellation incorrectly. This could result in denial of service.
a361a8b094e0e37ca2ea5d4f587944cad91928be895d0bc0f7d06332bb7e2d37PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a CSV injection vulnerability.
4fb447ace847ed92d1335bf5393fd4452d32619a1048058570afa0d0a556480dPHPJabbers Availability Booking Calendar version 5.0 suffers from an html injection vulnerability.
cd7b4eb6699c80aff2719ca9cc48facc7cb17ddb8fb173467674ec46d022b537WordPress Phlox-Pro theme version 5.14.0 suffers from a cross site scripting vulnerability.
7618323972c79291341b4369586c35cb74a9b86756872ae676d30d86b9e86120BoidCMS version 2.0.1 suffers from multiple persistent cross site scripting vulnerabilities.
dcaa9c9935f541f7f50b855e1e4653e9ae4d96b76cb68c5ebd751eabf88d14a3GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability.
d32a123df3242fd37fdc4dbf8ce84ed24bef9916821cba9ffa99148bfc157e28ARM Mali r44p0 suffers from a use-after-free vulnerability by freeing waitqueue with elements on it.
4fea6948aa6c6c134d3f0e82d4d907da692a000feadff0b07880f486048867a4This archive contains all of the 49 exploits added to Packet Storm in November, 2023.
4561d62960af2b314e517143d1dd7755f08be850b2ef73095e45ff6f8970e680Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d5d2209b119ae9264996f7c9c9bb3d93c4f147ce270625707943898e702df953Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.
fbd3eb9a6b1fa373e2b967ebba1f3a131fa434d38572c561c6273ce2e1c0683aUbuntu Security Notice 6502-4 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
80e570dc8559f7c743948b2659e5b45954e4ef183051320784503ce69438e9e4Ubuntu Security Notice 6496-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
ff4c804427ae5e3ed0edbacaa2797fb161dd9c5e4ae66c5b2f114beebd29332dUbuntu Security Notice 6495-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
84d6c0fba7b7ce39226621eb2ae128d51c090c81cff449f8466be7ea9785245c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed