Red Hat Security Advisory 2023-7754-03 - An update for pixman is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow and out of bounds write vulnerabilities.
422121bbe68cb57b2583983697e5c320b2bec4226bc5dffc45c5e2fd784e7e80Red Hat Security Advisory 2023-7753-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.
025fc9b2686920fcba00b908a1666dc1627fd40f9ae850ad5d53441e878a3c8fRed Hat Security Advisory 2023-7749-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include information leakage and use-after-free vulnerabilities.
89c9ce31ac110eaf650b92f8b97227e0751fc532f28bd34f126c96758196db90Red Hat Security Advisory 2023-7747-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.
cf0ed73dffc335484b496c5c29643c9bc05b7f3be3c4430ae99015d46b35e1a2Red Hat Security Advisory 2023-7744-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
3e7fe43466f72c6f0d67960515abcfa3f36aa007811572d672e26307990d38d0Red Hat Security Advisory 2023-7743-03 - An update for curl is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
61dbe3d2b3594ca5695aedfacb1df711d9c810c40b51103802dcc2651ee85a6eRed Hat Security Advisory 2023-7741-03 - Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
7512722cb5e94873c6897a5a05abf1e45455bf98605f8f2e63b3eb12e35b7c2dRed Hat Security Advisory 2023-7740-03 - An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog.
5d82bed8484e234264b5bc783bdb9dc2eb4c1f71d3d03151c68d1d28e8894dc2Red Hat Security Advisory 2023-7739-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
7889b26e96376a4ab0f5e8c6acbf254739c935b68a56ab6669db28254b8ec64fRed Hat Security Advisory 2023-7734-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
629a3646f89618b95254e2abe6f30f00794f39e87a2c1be33f8125d99651fc94Red Hat Security Advisory 2023-7733-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
6105620b16edee7d72c70b935b05ec32624f557c3d9089eaea0b13996bce1929Red Hat Security Advisory 2023-7732-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.
6306d36952e660dab6622fd658553c267c05e40281a8975775e460427bd6b992Red Hat Security Advisory 2023-7731-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
464e1d70069a6429f185d11166773b81e0ed4322af55c39101d5414101d1b118Red Hat Security Advisory 2023-7687-03 - Red Hat OpenShift Container Platform release 4.13.26 is now available with updates to packages and images that fix several bugs and add enhancements.
0b002d3258cdc6ba405b0ae41f34a41123e640f5739792380adab8c3e09087ceRed Hat Security Advisory 2023-7682-03 - Red Hat OpenShift Container Platform release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
725ab647e9e422223841ef39b96f7776daf201798486e2ca721db480fe6144e0Red Hat Security Advisory 2023-7681-03 - Red Hat OpenShift Container Platform release 4.14.6 is now available with updates to packages and images that fix several bugs. Issues addressed include a denial of service vulnerability.
421f04c897a1e92dfc7130e342d97b0c6ef393789b827ada9b758e9e14c52768Apache Struts versions 2.0.0 through 2.3.37 (EOL), 2.5.0 through 2.5.32, and 6.0.0 through 6.3.0 suffer from an issues where an attacker can manipulate file upload parameters to enable a path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform remote code execution.
3eabd0d7746d3af616a6a03f2fad7d9609f5c2a795390784bc379146a76826adDebian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.
fb2b3e50ddbe9455517494418af65058e060ac8c36d2bcce67a49bffceb3b808Debian Linux Security Advisory 5574-1 - Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or Gstreamer plugins when opening a malformed file.
213eb449b719ea3918fe5b9547405966d36fc8f530f2d761e55375d63d105631This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials, typically admin:changeme by default. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the runshellscript capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions.
ea31fbcf387f710ebb5a4b9243ec8009edb093af5bce5d17f8b759e679c83bdfUbuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.
63590f2a95686afe65ce57bda6bffeb19c1b4db5f13381940d89cd04952491fdUbuntu Security Notice 6549-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
0a9053db00b3d18766045707f877cd0acf8a50d5ecb0aa473dcdada6eba1c983Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
b151f8b1c0e89b126e52b50cb36a0892dbb13b53ad032fb9ccca75e4147b0865Ubuntu Security Notice 6547-1 - it was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks.
8c7bb5b6bcb90779a8426f3dd40d8e11e83442d02ec24171e656ecd3e87d2dccUbuntu Security Notice 6546-1 - Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. Reginaldo Silva discovered that LibreOffice incorrectly handled certain non-typical hyperlinks. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary scripts.
01fab37c05cd681d38f4c0f1e488e1ac1bd4fefddc1383235b51249b5b081a76
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed