Ubuntu Security Notice 5359-1 - Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.
d86fd6c18100320089eb6c892b3934a7fd83a90dab64630caba832caecfe673fUbuntu Security Notice 5356-1 - Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could possibly use this issue to execute arbitrary code.
e3839ee571468680b81112957309e74a8af6ee0fa66b2e646caf9672ba1cf90fUbuntu Security Notice 5358-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
6014beb1c2288fa564666e3a8cc2728d4f9100f4d4f9d8585a4f7e619cce7702Ubuntu Security Notice 5357-1 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d5cfae3dd3a1ace57560baad4ec8506d71d870b74dea62b48667b6febe4c77dbUbuntu Security Notice 5355-2 - USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
bd7bd9de57a4bed18909c272ff1654178c42449228d7c6020d29b7ecf83a4081Ubuntu Security Notice 5355-1 - Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
23634ab2e48f0bdf4e10ce11f4dbd2b9a409a2e06ec401c9576d2434ceac9f05Ubuntu Security Notice 5350-1 - It was discovered that Chromium incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
7c7a4c167fe50a7b42bf84126d0d09be27e52d593b977b8cbe1af81c3d7b11a1Ubuntu Security Notice 5353-1 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
406d29aa368301ce542b4f6f12fd32301120acf9aa904fef9458e3370d29fa8dFingerprint Attendance version 1.0 allows for an arbitrary password reset of any user.
349d72455afa61c19576dd3b35d2b351fb9e9242b3dc49747aede103705ebd0bUbuntu Security Notice 5348-1 - David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template.
0772a4f586431a77ce7e420bfb608884c2576b38b6bef725c3a3b511a53168bdUbuntu Security Notice 5321-3 - USN-5321-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature.
3d7bc90a79a0814602089234f5c04c4d39f5707208f69d54d7ec8df656aa52b2Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
2192c199581e31d17ad1f82ccb72319fb36da887cc27a4431990dced1f3967d7Ubuntu Security Notice 5345-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined behaviour, spoof the browser UI, or execute arbitrary code. It was discovered that extensions of a particular type could auto-update themselves and bypass the prompt that requests permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to bypass security restrictions.
158e67eea2f1566d437c34e7e51105fbd18e6d48a7076eb1db7f2932c00300c5Foxit PDF Editor (iOS) version 11.3.1 suffers from an arbitrary file upload vulnerability.
eee6585def5e7c7d4e32865c6af95620ceb8365f388cac02687c0e833289acfaImpressCMS versions 1.4.2 and below pre-authentication SQL injection to remote code execution exploit. User input passed through the "groups" POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use the first argument to construct a SQL query without proper validation, and this can be exploited by remote attackers to e.g. read sensitive data from the "users" database table through boolean-based SQL Injection attacks. The application uses PDO as a database driver, which allows for stacked SQL queries, as such this vulnerability could be exploited to e.g. create a new admin user and execute arbitrary PHP code.
576e64698cc9d7062dccead415b9bdbbe2c02e4ae86258cd980164b5e56355ccUbuntu Security Notice 5340-1 - Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
9cd0120842dd043b5e493d3eb8821794d81f1b61c1e795bb4c60d255fb26b0b3WordPress Amministrazione Aperta plugin version 3.7.3 suffers from an arbitrary file read vulnerability.
1af5cdbca2fba34e20952246b62d1c6ea3c147e377bb3da4d6af9bc7e3a8b828ImpressCMS versions 1.4.2 and below suffer from a path traversal vulnerability that can allow for arbitrary file deletion.
54cb7c2588875cdae13b83017043e25037564efb357fe49a475251f02139a0d4Ubuntu Security Notice 5337-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.
4dff7bdfe15d8b868bc4461cfd70105479202ceeccf3bca61cd797c093e0dd5aWordPress iQ Block Country plugin version 1.2.13 suffers from an arbitrary file deletion vulnerability.
f0010d1dc3064386061b5ec573e0ad6624d9a232d481f124beeca9af833a6844Ubuntu Security Notice 5334-1 - It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate privileges and execute arbitrary code.
add317a5b70e25176f9c2f5d18c0835076f10094c0aa267e733a69d170fd2acdUbuntu Security Notice 5331-1 - It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service.
1d5f8cad45dcdb42f66dccd02e8ff366a5939d04f5522deaf7673ae1a91d5ad3Ubuntu Security Notice 5325-1 - Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
2815342c4cdaeae4ab9c8827097fde4fdda0fb158320b2765458587fe19ecd13Ubuntu Security Notice 5324-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
1c5149aad5b6facae2ac354370493c1b521e49e3b4342c008109ec12f8ec6a06Ubuntu Security Notice 5323-1 - It was discovered that NBD incorrectly handled name length fields. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code.
77d0e6f999cc44c9d85a24c4876e5d030dfba11e02ef908b0cee49add8818def
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed