Ubuntu Security Notice 4989-1 - It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
9bddaf7808213fef5017a3935246b0caThis Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.
69d36ee1b60ffec6d31a6ebc94e2dc1eAn unauthenticated server-side request forgery vulnerability exists in SAP Hybris acceleratorservices. This means that anyone accessing this extension is able to use it to make arbitrary HTTP requests, bypassing network restrictions. Versions affected include 1808, 1811, 1905, and 2005.
69fa7d47d7943e9c390416ebee975337Ubuntu Security Notice 4987-1 - It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.
0f6aa21e3994b529d9e4f766ebc03576Ubuntu Security Notice 4971-2 - USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
b82d64cb41adba3b71d4830ad200f0c4GravCMS version 1.10.7 unauthenticated arbitrary YAML write/update exploit. This is a variant exploit of the original discovery made by Mehmet Ince in April of 2021.
d339a4b0bbbddf85756e2cdfe1e8e8edThere is a vulnerability in jscript9 that could potentially be exploited to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.
7bf1477df1aec690e996f9ebbce9b10csqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
5d549a9d48f57591c03e5e02ad82cd9fUbuntu Security Notice 4937-2 - USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem. Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Various other issues were also addressed.
56203d8395d3d051ed05e8cd62776087Ubuntu Security Notice 4983-1 - Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out of bounds speculation on pointer arithmetic. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
18944e6d71f08e1228485e41148d89d4Ubuntu Security Notice 4978-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, re-enable camera devices without an additional permission prompt, spoof the browser UI, or execute arbitrary code. It was discovered that filenames printed from private browsing mode were incorrectly retained in preferences. A local attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
01e79350aca3fc8a59ec16c81063b717Ubuntu Security Notice 4975-1 - It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly use this issue to determine the existence of arbitrary files and in certain configurations obtain their contents. Various other issues were also addressed.
8ff3e55f0ad94b7ed7a4b571a6382af7This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is changed within the settings table to a payload, and an update is called to execute the payload. After calling the payload, the value is reset.
96f2d2ce45330fd71491a45ad435fbe4Ubuntu Security Notice 4971-1 - It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.
5bf683a898c535b77a9103e8e89306abUbuntu Security Notice 4968-2 - USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
f1c32f0c11f52077faf51bfa590dfe58IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.
1b4fb4e5987be3d21bd6ca2f13378d32Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
80cc8e13b352e34dd9a56edc56696000QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.
e0f4de64c7524a918a49796c1ab9986eUbuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.
b71409af01196b5e8a73a4a839432e0eUbuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.
b350ad62ada4bdd5b64bf7a6677cd315Gentoo Linux Security Advisory 202105-37 - A vulnerability in Nextcloud Desktop Client could allow a remote attacker to execute arbitrary commands. Versions less than 3.1.3 are affected.
c7630b6a9fdf5f2c71a54516e91e77d9Gentoo Linux Security Advisory 202105-36 - Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. Versions less than 7.77.0 are affected.
94180abd6fb5ce62d4b9cd723e72a93dGentoo Linux Security Advisory 202105-35 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to execute arbitrary code. Versions less than 8.5_p1 are affected.
1dd240d43ba302be00dec5fbadf0f4d0Gentoo Linux Security Advisory 202105-28 - Multiple vulnerabilities have been found in MariaDB, the worst of which could result in the arbitrary execution of code. Versions less than 10.5.10 are affected.
c7a5a1e3b925ece6bf7fcd32de0bc0b3Gentoo Linux Security Advisory 202105-27 - Multiple vulnerabilities have been found in MySQL, the worst of which could result in the arbitrary execution of code. Versions less than 8.0.24 are affected.
b139d317926a806af6609e73f9dc58e1
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed