Debian Linux Security Advisory 5728-1 - Phillip Szelat discovered that Exim, a mail transport agent, does not properly parse a multiline RFC 2231 header filename, allowing a remote attacker to bypass a $mime_filename based extension-blocking protection mechanism.
1319bc5df5d7620705633184f3bea1c784792378da27d5aeafbceffa69f5379fDebian Linux Security Advisory 5727-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.
2523385fae70cf9d7e1b9deceb6dd134ddad7cc34eb85646a5da5277f602c176WordPress Poll Maker plugin version 5.3.2 suffers from a remote SQL injection vulnerability.
412661be72a0f1455977b2bc649510ea25f659ce8916ac1617c93065fb279cc6Ubuntu Security Notice 6891-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.
fbe8fb1e1da71de79cf48d36a39bf43a4be9940567b335a2187326de0f10f8feUbuntu Security Notice 6892-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
1be86e553b162ce9d9fd8fc31873fb51eaca06565f561d7ea634d412de51ed92Ubuntu Security Notice 6868-2 - Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
b3f1c888d3af0efd0c3b38e488343d19363e379f35a4e3ceb4e6c3fc7f27c109Ubuntu Security Notice 6866-3 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
cd531bd98e8b9bc6399b28fcdad6313e6b25ed3910dd56bf9af73db0843fc2b2ESET NOD32 Antivirus version 17.2.7.0 suffers from an unquoted service path vulnerability.
15433b833752badf84eb655e3ab8d18cc641b65960b6406504c020083f4be3fbRed Hat Security Advisory 2024-4505-03 - Moderate: An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include a denial of service vulnerability.
be785a878ed47b4c2ae5564f1a2a87714e37677e651795f85498ddac810ebb0cRed Hat Security Advisory 2024-4504-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a HTTP response splitting vulnerability.
ef9737cf760d7226130a844b4c1b6d25b6065b271e03de2f85945bb59a0e734dRed Hat Security Advisory 2024-4499-03 - An update for ruby is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
edebc8f5afe8726b51356da3155f8e6a70bc190c6c176f409446deb659378f5aRed Hat Security Advisory 2024-4464-03 - Red Hat Advanced Cluster Management for Kubernetes 2.10.4 General Availability release images, which apply security fixes and fix bugs. Issues addressed include a denial of service vulnerability.
84e08de1926cc6019639e72cc8e05ee0fd58b75b6ea1b0816b3adc945ee2ed83Red Hat Security Advisory 2024-4462-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.
df6ac4e6527d489ea345f44f1cbc77c7a75c3237cada3a412c94b5454206114eRed Hat Security Advisory 2024-4460-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
d28a3b9ac11b67eb628452afa330ddead45cea49f0e9c771b9ba40d7d5cd1b38Red Hat Security Advisory 2024-4457-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
19e854189f84add142987e31e415aaf6c71b0ca17400f7114bed60097201c3e6Red Hat Security Advisory 2024-4456-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a traversal vulnerability.
4a9d9ea60dde4871c0b87e63a05eeadf708c75248213361a2e0527c8176cd4b5Red Hat Security Advisory 2024-4455-03 - Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.
bc67c065b1a06b75ccaaa2758f02c4f131706248451c64dc4e25d90cdf8f1755Red Hat Security Advisory 2024-4321-03 - Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.
d107cf3bafce3721d58cf74a69589eec0969a694b678432ff9feef150a95d648Red Hat Security Advisory 2024-2096-03 - Moderate: Logging for Red Hat OpenShift - 5.9.1.
b1da92ef4236fd816a8ea918eafff23fe20f4e61db11341b28a584844f50f0faUbuntu Security Notice 6890-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
f15b11906373e1b7a6004445dd8950a42b25db0fbd2a71c72c0958a58395f972Gentoo Linux Security Advisory 202407-25 - Multiple vulnerabilities have been discovered in Buildah, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.35.3 are affected.
0793deb8132335b967a1d75288ab156d742b15aa3f18d3454f2dc00333d65d32Ubuntu Security Notice 6889-1 - It was discovered that .NET did not properly handle object deserialization. An attacker could possibly use this issue to cause a denial of service. Radek Zikmund discovered that .NET did not properly manage memory. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. It was discovered that .NET did not properly parse X.509 Content and ObjectIdentifiers. An attacker could possibly use this issue to cause a denial of service.
29def484475a15637303447dfc4e604fe477491195eb731024cf2e3f24efc492Gentoo Linux Security Advisory 202407-24 - A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service. Versions greater than or equal to 7.1.0 are affected.
74f06b80cd0efe5d042d7a1d3f1a2a43b832ade8aadfb58650abdc211a2b92a1Ubuntu Security Notice 6881-1 - It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending.
162d61add82fe3079c065037c1d951484e3fd36df8236a2a6f66fe6e8598f9e4Ubuntu Security Notice 6888-1 - Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service. It was discovered that Django incorrectly handled authenticating users with unusable passwords. A remote attacker could possibly use this issue to perform a timing attack and enumerate users.
791881defe2727ac18e86e4442d15acbdda888780823a86fc853564c05acb3de
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed