Debian Linux Security Advisory 5814-1 - A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages.
f4443ed9384523d3abd4c6e094c23140071005acad52f74522bbc76a50c61b13Debian Linux Security Advisory 5813-1 - Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass.
e9c9a8326794040dd9177127445ba714c9333b88e1f6e6b41a6df5985ba53e3eSOPlanning version 1.52.01 authenticated remote code execution exploit.
aa2b0281cd44426371fcd74740cdc742a4967b78355a65e5c712e22f50b852b6Debian Linux Security Advisory 5812-1 - Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation.
abb6dfdb39e0f1210c77d3a3255391005a7200482ed21d2007d66c5cb1de9267Ubuntu Security Notice 7108-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the user authentication request message. An attacker could possibly use this issue to control the remote end of an SSH client session via packet injection/removal and shell emulation.
879c1bba1c6e49f095f223b8a2b416c8ae15269b5259350aefb2b128068cebe4Ubuntu Security Notice 7106-1 - It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
a7e1f25fa58014ab4990b4ca73018677dc891d2ab83b50bc02c672928853008fRed Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
5e84fedd1a55610efb37e4cd55c473c8354b2e43c61a8e55f36a6a31453cb759Red Hat Security Advisory 2024-9654-03 - An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a HTTP request smuggling vulnerability.
14a8714878a1421638c275067af274c146cde9a20961b22b0ac264e25c73719eRed Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
af16f2d0ab8f93277bad9bab810989371c95502791998f695a259f331e3215e3Red Hat Security Advisory 2024-9644-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
ccba95ea7d6d262441aa0ee08c9f1e6839cd97ce7b32abadedb753c95f08a29dRed Hat Security Advisory 2024-9637-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
dd81cc0fd25b17a1982c81914b4c5a21c402a7aec9516bc2553be200b3e14972Red Hat Security Advisory 2024-9627-03 - Red Hat OpenShift Service Mesh Containers for 2.6.3. Issues addressed include a denial of service vulnerability.
68f97204f8cd7e3ac2d5e745721ad7b2f01bd97b51e704342951937d12e03cbaRed Hat Security Advisory 2024-9624-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.
63c7f449362d4a294c2a7f58bbbf3e1dc01ab14e30dc5b33711f1e8d8a666102Ubuntu Security Notice 7089-6 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
515b12c4124017f9c9b2a16d46a9bd62684fd3cd10bf1db6c2b42939bd7a194aUbuntu Security Notice 7112-1 - It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
79519e626cd3d16dd3eb3af83d09539a391326284b873a411f29ab8e922b9563Ubuntu Security Notice 7111-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.
8309e2cc82bec72641de9766c00b5b04be56b3f96d79c53bdc77264e677a87a9Ubuntu Security Notice 7088-5 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
c4e7f1b5ea3bf3722a4cbe7f2f32f3a71766382741673a08f931c00204a0c5a6Ubuntu Security Notice 7089-5 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
38c2b5bbf914d159a695ab1789496137c8c27f28f851de9815a9296aa57c2bdeUbuntu Security Notice 7071-2 - A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.
4600b05a59b404330cebcee8721bbdf4b80ce45ff3349218774f16c47979b7b7Ubuntu Security Notice 7049-2 - USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data.
1ef836801b877272adfe67ac7b50491e2b11f94aae8175ec4b8655236596a7edUbuntu Security Notice 7110-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
bf1a03d0be2b727fc9dee77e804300ce9b9409eafee43a69c1d54846bcfab354Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.
f3ace4f4cb5b84a560a9593357976ec236f7e116327a16dffefa142cb8440217TX Text Control .NET Server For ASP.NET has an issue where it was possible to change the configured system path for reading and writing files in the underlying operating system with privileges of the user running a web application.
87daef249524395b391c7767b295ddf96c40db5d4fbd376c76c034cc5844d043Proof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.
5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed