Ubuntu Security Notice 5796-2 - USN-5796-1 fixed a vulnerability in w3m. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.
b9c5a65178fc16d7ea8bdc9dac52b8482a42a04ade627517fab36bce1d340e2fUbuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
7d038cf5cf0d352110b29efd7ebf03b7f41defff9ed3da1235cfdddef29584cdUbuntu Security Notice 5796-1 - It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.
fb2509db5276c7a38c4ef42d1e8b9433e8888d4644fe4c183980aac1d032ff8aUbuntu Security Notice 5793-2 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d675040336f5a36e7ca116ff8ee729cb2ab25769ff6dae5749e51445e04f8c2cUbuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.
b30a2968ea71adaa4d74717a784dc2aa83b0f4ff631d0b31a605118d8157a40aUbuntu Security Notice 5792-2 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
61a76824088434d45265841359f97a71f6e3346100e4081fc6a5ddb1b292354eUbuntu Security Notice 5791-2 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
af31e2f0f32d49436b8b155fc82a87ba9e92d354b8a376c8215264292ec1c748Ubuntu Security Notice 5787-2 - USN-5787-1 fixed vulnerabilities in Libksba. This update provides the corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.
82286b86067d6fc4fa31cac9d371a0b0f0692d36a900f8a50b11f9aed2f7b2c0Ubuntu Security Notice 5794-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
f94cebf0ea6c3ab3da6d1994df82f1a6cfce5dea6344042ba9c85491090964a9Ubuntu Security Notice 5793-1 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
91ba98c3c9637a1d31736093e5bfd37579c41aaa5e5abbbbc4396e2e20bfe7e1Ubuntu Security Notice 5792-1 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
0d471b882265b05e21d7d5364395548bdfdb7aabb60f28ba0290bf97ec7175cbUbuntu Security Notice 5791-1 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
c620604793b568d88ed5f96e800d17e391508664ad2fb783107dcfa6afb9a3f2Ubuntu Security Notice 5790-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1d9560d5aef2cc859cd9a37a38fc80172a6ac7361f6977f86ca4cee9c00d13a5Ubuntu Security Notice 5788-1 - Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.
3ef92df63b6493af5d8bf8786dd0e272eec83c93043b706adf9ec6157dddd4d6Ubuntu Security Notice 5789-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
5e4425ebefc70941701f4366636f5c56c410100f8702999238e1ca79db767665Ubuntu Security Notice 5787-1 - It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.
0e5e030200ca6713e581aa4a294aafe60e1493612474cf24fbd553357caa714bsqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
aa00e08007bfdb06a362a0c2798073af8e7053a97ead8ed7cca86393a94ec2e1Ubuntu Security Notice 5784-1 - It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary code.
fd9ca84cec540a3bb0ec35959fdd292910f6e20932d87e2810d41a6d6bcc8550Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.
14928aa1c41eb7f7fba504e112497c87923df5cb9caf334ac3fa7072e2ab78aaGentoo Linux Security Advisory 202212-6 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could result in arbitrary code execution. Versions less than 9.1_p1 are affected.
5db7a1ed97ab0d3504acdf44a7a7f54e486cb86675f0f836c6f3e8061991af24Debian Linux Security Advisory 5306-1 - Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed.
7896eb7f39ff77b06df66ff231f2b139698bb7e0c2257720b0e8cb19f5d9616dDebian Linux Security Advisory 5305-1 - An integer overflow flaw was discovered in the CRL signature parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.
843e53a80f0ad2baa47a3b31ceb1888ec6e137e08eb3fb471504684ad2c01fb9Gentoo Linux Security Advisory 202212-5 - Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. Versions less than 3.79.2 are affected.
10fe54de09cf75cfbd19ff3734222038fd66ca90411aa4d32356162278df5737Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.
e297fe6f1bca3eb09660ab5922cdfac1c9a3279734e9e89e74cc758a3e08ac46Gentoo Linux Security Advisory 202212-4 - A vulnerability has been discovered in LibreOffice which could result in arbitrary script execution via crafted links. Versions less than 7.3.6.2 are affected.
c757bfd0b13c85743fac5ea3a50c244e50525de1937a71683492a2382b84ea44
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed