PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a CSV injection vulnerability.
4fb447ace847ed92d1335bf5393fd4452d32619a1048058570afa0d0a556480dPHPJabbers Availability Booking Calendar version 5.0 suffers from an html injection vulnerability.
cd7b4eb6699c80aff2719ca9cc48facc7cb17ddb8fb173467674ec46d022b537WordPress Phlox-Pro theme version 5.14.0 suffers from a cross site scripting vulnerability.
7618323972c79291341b4369586c35cb74a9b86756872ae676d30d86b9e86120BoidCMS version 2.0.1 suffers from multiple persistent cross site scripting vulnerabilities.
dcaa9c9935f541f7f50b855e1e4653e9ae4d96b76cb68c5ebd751eabf88d14a3GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability.
d32a123df3242fd37fdc4dbf8ce84ed24bef9916821cba9ffa99148bfc157e28ARM Mali r44p0 suffers from a use-after-free vulnerability by freeing waitqueue with elements on it.
4fea6948aa6c6c134d3f0e82d4d907da692a000feadff0b07880f486048867a4This archive contains all of the 49 exploits added to Packet Storm in November, 2023.
4561d62960af2b314e517143d1dd7755f08be850b2ef73095e45ff6f8970e680Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d5d2209b119ae9264996f7c9c9bb3d93c4f147ce270625707943898e702df953Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.
fbd3eb9a6b1fa373e2b967ebba1f3a131fa434d38572c561c6273ce2e1c0683aUbuntu Security Notice 6502-4 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
80e570dc8559f7c743948b2659e5b45954e4ef183051320784503ce69438e9e4Ubuntu Security Notice 6496-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
ff4c804427ae5e3ed0edbacaa2797fb161dd9c5e4ae66c5b2f114beebd29332dUbuntu Security Notice 6495-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
84d6c0fba7b7ce39226621eb2ae128d51c090c81cff449f8466be7ea9785245cUbuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
f60fcecace1faaeb9fc2bd6e186bb143ebb3802e541e9c577ab37e5ad12177f5Red Hat Security Advisory 2023-7617-02 - Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available.
b0eb559d37a45d9046b03d7e02bde85dce163b8bed1ee33099ddf4b37967b04bRed Hat Security Advisory 2023-7616-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
f1a92a47c86537a6e4bb8a575856c91653cd9d712e509e980c664e1b69c5c4bfRed Hat Security Advisory 2023-7341-01 - An update is now available for Red Hat Quay 3.
f55aa5deb57499044501ca4f7d2d6a11d53e22111af0d638e4e639a3a0403a67WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.
7695de4e35509e1c4db3c4076032af2a7d6631056618550d68d670c15cf66962CE Phoenix version 1.0.8.20 remote code execution exploit written in Python.
442e8d9deeb16781dd142ed87c294e9454d90653e85fe286945812163a1c322bUbuntu Security Notice 6527-1 - Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service.
8b53cd17533fb9bc0359dbea211ffd58d2a6093b9d0a6c6e5c468b53d234aca1Ubuntu Security Notice 6528-1 - It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service. Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions.
99f46c03cbddc34da590a17abcaef6ee63b5b00b5c7801b35a79c57940ab3450Ubuntu Security Notice 6526-1 - It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue to cause GStreamer Bad Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.
8f661ded181732af95910b98657b0a3faf4c5506c2b37171c60bf8b1f2091fe8Ubuntu Security Notice 6519-2 - USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended.
024464774f5ad6a8ef0d73dbedf9ba568379c0a46dcf950ee24cd4ff9b3a441bUbuntu Security Notice 6525-1 - Nicky Mouha discovered that pysha incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code.
eb66b00b1d47d9411c1e48b06db7fbf3770b8270dffc1fb3d733e39237b10423Ubuntu Security Notice 6524-1 - Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash, resulting in a denial of service, or possibly execute arbitrary code.
216267c9b12cf55f9938b0da711b5f1427ec8e13108e03df548bdaf2e53dce85Ubuntu Security Notice 6522-1 - It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
865609065980f563a252153fd91a01b72cb287a6a6682e5b26f8b9c24a700046
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed