WordPress Gallery version 2.3.6 suffers from a persistent cross site scripting vulnerability.
9990f27141fa50dbcf6dae3361bc6d4c2338d73c0a6e1ad8744bba827135491cUbuntu Security Notice 6851-2 - USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl enable to fail on systems without dbus. This update fixes the problem.
82cee2b35b1e5d0b5b6cdefbfdecf0f769fea60436a4592b512991e19f2bec06Ubuntu Security Notice 6844-2 - USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression in CUPS with regards to how the cupsd daemon handles Listen configuration directive. This update fixes the problem. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the target.
2d4b6837a5473d1bcb1c6e80862c93fdeacfe8e036cefcc287b3d6d444af72d5Red Hat Security Advisory 2024-4212-03 - An update for golang is now available for Red Hat Enterprise Linux 9.
c536dc515d6d63ea938cd0ad2a5a0a049b4575b7f758f2246928de68ef739ebbRed Hat Security Advisory 2024-4211-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.
1371ac36bc148dc61e35201a09acf72512a7984de48d7d6416e8beed509acffaRed Hat Security Advisory 2024-4210-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Issues addressed include a denial of service vulnerability.
f4bf9b4b1acaf95665d6f131d2cc812ba2f539cc7b1072609e42181dbf692f4eRed Hat Security Advisory 2024-4209-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8. Issues addressed include a denial of service vulnerability.
c131c74abd3aa69c24313328deb03b78c721e5c15345b0bfac9703c52e84be30The PowerVR driver does not sanitize ZS-Buffer / MSAA scratch firmware addresses.
c2daa30504b0e8c789700f2b12ba70633fcac40fa494865c6f36f0fc4494835bUbuntu Security Notice 6859-1 - It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.
bcfd1b7ff658bbf12659082b47acf8efddd6d98fb26b5263228f3aa943bdcaa6Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
5e87f7e6953882200bcca86b932c1100ae34b3674c68208e709aa0522427b2f9Gentoo Linux Security Advisory 202407-8 - Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 26.3-r16:26 are affected.
21e015a898ac7f1d5a6eb054d0058e45054a588c3a6600d711b60ae099daae5aGentoo Linux Security Advisory 202407-7 - A vulnerability has been discovered in cpio, which can lead to arbitrary code execution. Versions greater than or equal to 2.13-r1 are affected.
e20c4abc5e7c436bdee6268fc5dfb6f62a3c64d05b62800a8a445c86432c78bcThis archive contains all of the 65 exploits added to Packet Storm in June, 2024.
6b8363c7550af80f944a838328e0d44ec8c298374dff3f3acb6c4e80bc9bbd1dQualys has discovered a a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.
7826092019b763740fb3de1d429e43d078262e82a1ebe5f37c468e1d5ea080c4This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3Ubuntu Security Notice 6858-1 - It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
b4e4adc488d96044e90d1118bf391482740248127a9712daf429decebd0051dfGentoo Linux Security Advisory 202407-6 - Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service. Versions greater than or equal to 42.0.4 are affected.
f8620483b3b729d77ad368cacfffca0d4fba7017da142ea0d7b075a566f1f717Gentoo Linux Security Advisory 202407-5 - A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution. Versions greater than or equal to 2.5.2-r1 are affected.
78863cd9f2256e75b7be1dbcffe0eba58f8403147ba315de156c3b25ec386cb6Simple Laboratory Management System version 1.0 suffers from a remote time-based SQL injection vulnerability.
a3e1c655f937eff9ebf2da2b353c83e263683a3967db2f21f5ca4143cdf81204Ubuntu Security Notice 6855-1 - Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
00050c8509097ce19c76d6a92ba7dc869c0e9ef151f2531257842f3d54d03f9fGentoo Linux Security Advisory 202406-6 - Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution. Versions greater than or equal to 1.22.11-r1 are affected.
fec3a8343a74b9d1fe7699008262c7399508766a646b2c0ee811200f5afffa94Azon Dominator Affiliate Marketing Script suffers from a remote SQL injection vulnerability.
948d6760bf02f4b346c3cc86879bf4dbca5d1715bf86d80951f180deacf66adaGentoo Linux Security Advisory 202407-2 - A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes. Versions greater than or equal to 2.20.0 are affected.
cf6c23c65466d430a6abe30ac22947508be6d87b0ad3ea87daef29078ade3161Gentoo Linux Security Advisory 202407-4 - A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow. Versions greater than or equal to 0.42.2 are affected.
4ec34af770f05436d1f7cdeeb63d88663079e0b8ce91cfef93e1dbb733faafeeGentoo Linux Security Advisory 202407-3 - A vulnerability has been discovered in Liferea, which can lead to remote code execution. Versions greater than or equal to 1.12.10 are affected.
0858d5d56d91223cf873493729d2d66ce9e88639f0d9056844858758a17a8500
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed