Red Hat Security Advisory 2023-7783-03 - An update for postgresql is now available for Red Hat Enterprise Linux 7. Issues addressed include an integer overflow vulnerability.
039e3e24fcb541e6ed64e793f6ef119f751b6dcc0eded1249bf425b4a52ab596
Red Hat Security Advisory 2023-7782-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include an information leakage vulnerability.
83eddbc394ef4a5281e91dcdb603e46604864a86e73aba1967ff7989fe51c06f
Red Hat Security Advisory 2023-7778-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include an integer overflow vulnerability.
eef77b51344762d501e75d6d01ddc25ae1e8827920b5105f4169c74c9a0d7c72
Red Hat Security Advisory 2023-7720-03 - An update is now available for RHOL-5.8-RHEL-9. Issues addressed include a file disclosure vulnerability.
401f1162137dbb0a7ffbce061a025152764d87b7bf9f5d8603653b008df94cc2
Red Hat Security Advisory 2023-7691-03 - Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.
e3052bcc3795f17b1f3b573dc1125d5a16fee0bd1d2e9ef2ae0b01feac0c4c23
Red Hat Security Advisory 2023-7690-03 - Red Hat OpenShift Container Platform release 4.11.55 is now available with updates to packages and images that fix several bugs and add enhancements.
f94fcb6da8acca58b1764c13cd51b1b32df0aae7743905cc4eff74b9063c8738
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
c86b107d52957be8d1db2d23617afb792307282d5164cf7d89fce10fcfc99454
Debian Linux Security Advisory 5577-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
c5ff8727b2a35a81281356fbaac0341a385b77c155b5b3bcff91bf3678d631d9
Ubuntu Security Notice 6555-2 - USN-6555-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges.
47dd680a597c860005fcb5faa12fa286b608ad37685f4dcde9e7e3d72589df43
Ubuntu Security Notice 6555-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information.
863c07bd808ab957e6fd16cdd167d2b0776d0a5422b1772f41e19758588b5ead
Proof of concept exploit for a new technique to escape from the Chrome V8 sandbox.
b533a0e53256fe5313af052c54741bea5b40ff4a27c155aca589938f876681db
Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This variant of the exploit applies a new technique to escape the sandbox.
07a757d77758a5b7ba1152485d4c44678d2993d2b1ba08c1da2c0301b12a31d5
Chrome V8 proof of concept exploit for CVE-2021-21220. The specific flaw exists within the implementation of XOR operation when executed within JIT compiled code.
4a0c5ace29bab9077fd3cb6f30e1b337ebb1207166906d4dc66f459257476092
Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
c7ac9c003e88739db826c7b7f01e6f701dd02bd677b93702334ae6f89f6455d0
The Microsoft Windows Kernel has an issue with bad locking in registry virtualization that can result in race conditions.
8cf51c7afd8e880ffabc644d09f791fed4bac36689d7102f629eb746b2c13124
Ubuntu Security Notice 6549-3 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
a27df7c8ef284709fac99b7a805f0a2f50c5a350c3192cd02415e52215389439
Debian Linux Security Advisory 5576-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
02e7defbebaae0b355ce0347a45f3a3e36a998c50aabf68a9166432de62acb8b
PDF24 Creator versions 11.15.1 and below suffer from a local privilege escalation vulnerability via the MSI installer.
968fc9fb4051bc72306845d86156cb25074805a3bb032972995cac553c60f125
Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.
5fda3cc8809e71bea3d25867809cf9d068e304b8e2950bb4b4cf9b310babd050
Apple Security Advisory 12-11-2023-7 - tvOS 17.2 addresses code execution and out of bounds read vulnerabilities.
051e144c8244346f3524af69231431144bd8aa4841e62b2f7ee5fefa336cf8b6
One Identity Password Manager versions prior to 5.13.1 suffer from a kiosk escape privilege escalation vulnerability.
697a67d1e739daefce9d6501eb44b5bb45d5475a33e15ead624f4ab3c2df62f5
Ubuntu Security Notice 6548-3 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
120c17f35edd8b18aeee9eb3372d6cffa7d573732996da27cab1c7ba15173788
Ubuntu Security Notice 6534-3 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
46fe3ed898cda446e97504fb5ef391931ee2a4a498ea914b4c39e38c4d5ea98d
Apple Security Advisory 12-11-2023-6 - macOS Monterey 12.7.2 addresses code execution and out of bounds read vulnerabilities.
47693b1e56b39bf58b15b599187bfd3d6db3be270bed76ffa65b4c827a66fea8
Ubuntu Security Notice 6553-1 - Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial of service via application crash.
d441f55bc0bebfe2c6b2b074564f5eee8dbe6779166a466fab510cb5ecfcb39b