Red Hat Security Advisory 2024-4502-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.
a94afecca63f546aec9181f9000dce8011dd5339615a7f14e45bbc62f97ba524Red Hat Security Advisory 2024-4501-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
0c596bbbcb5a1088f0e5ce2a90379eee58d1c211e895b0db0ee63e2d7a8b2f52Red Hat Security Advisory 2024-4500-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.
56413b8610dc0dad2e8551fbf4bc7cda8c9684fcd1a2d5c6ea4b52069b5818e3Red Hat Security Advisory 2024-4326-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.
f806911ed87b07a4e916c87e592f8bee2e424c9b36bb8d5171f6f3a67cd2c837Red Hat Security Advisory 2024-2106-03 - An update is now available for Red Hat build of Quarkus.
d210e27e70cd09638d510743a91f2b8bd003b40bde80b11351858951d4ce96bcWordPress PZ Frontend Manager plugin versions 1.0.5 and below suffer from a cross site request forgery vulnerability in the change user profile picture functionality.
71b1a540c9b3265fc977fa30c1fda5b93cf9333b67a049926eee9138c3fa55c1Havoc C2 version 0.7 suffers from an unauthenticated server-side request forgery vulnerability.
230b2481f9d45d3d95942d6366c578a7c8ca2b796c5c8c16549416644fe40531Atlassian Confluence suffers from a template injection vulnerability that leads to remote code execution. This repository has three go-exploit implementations of CVE-2023-22527 that execute their payload without touching disk.
efe9acf218872fcb2aaad8260c6fdae6e0f538f783ac6624c299f3a0e4254f94Ubuntu Security Notice 6896-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
23031a0845782c0666fea9cf551de81c3f62aa5f01672ed9481d97357d4ec438Debian Linux Security Advisory 5729-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.
eb3189e905bc36ecd2fc5d02a5e9ced5c23c59fc1c76baa032f550292bf26979Ubuntu Security Notice 6895-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
13204fe1d646093191f86b432d013bd53e9fab0b9ef81134435e8e12af260d6aUbuntu Security Notice 6864-3 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. A security issue was discovered in the Linux kernel. An attacker could possibly use it to compromise the system.
3afccd52c60657160f5c19fffd7c6f30cfc9f572eb40fadf161cb1114d83f29aUbuntu Security Notice 6885-2 - USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. Orange Tsai discovered that the Apache HTTP Server incorrectly handled certain response headers. A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attacks. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
09a87e1b0ca03b35feb4d66d7489813a4fc3939cea0c49c3c31bf9e7662b2f1fUbuntu Security Notice 6893-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
c921ec1fdc787bcf1c8e45327ee5c68db46fe1646615a3ebdea7f0e104640d54Ubuntu Security Notice 6894-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.
49657c9f208951940a5882e6ed621f3a8835ab9be322277e1a813b58651c0404Ubuntu Security Notice 6888-2 - USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service.
8a338c088c8fff298fd87665108b1cf592bf62ff0ad1865965cfb6584411d929Red Hat Security Advisory 2024-4522-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a denial of service vulnerability.
28ccebccb98bb155f87c657d443cb16c764f5f569081626bd914c8726a5e92bdRed Hat Security Advisory 2024-4520-03 - The Migration Toolkit for Containers 1.7.16 is now available. Issues addressed include a memory exhaustion vulnerability.
fb8c217f13f0cfcb7a0aa7331a8cdc3487e937065e0608d656d8b145b5eef50dRed Hat Security Advisory 2024-4329-03 - Red Hat OpenShift Container Platform release 4.14.32 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a bypass vulnerability.
f265e789ea629c567733fc7ed753006ebc39965d9df2ea89d231a26bfc7c883aWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
5ec6028df29068d889c98489bf194a884b00831106fea1e921fea3c65f2003f5This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.
b198d9755cf50ac9c6b86be9526d83c12bdaeab6e989721de64dd0ef6781f8d3LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in XsltResultControllerHtml.jsp.
44811fffdad55f59cab99ee680cea0158c35b26606a7a72215c8b74fff752970LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in UrlAccessibilityEvaluation.jsp.
62722fa4e4796c8ac819f4f74bff3b88e4c3207619569dd0af373cca85ccd325LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in main.jsp
6b2f2821d4c2d0424a401ff4ad365da2713d18f6c494dadd54e7fce8dfe51786LumisXP versions 15.0.x through 16.1.x have a hardcoded privileged identifier that allows attackers to bypass authentication and access internal pages and other sensitive information.
507655a40fa21c33f270fff3ee33944627b6c9719d3c667e8ec61677948d5b35
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed