Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.
405a8ef4f4fdb4b2e5acdfa683735dd378fbfb67d3534ee2331748e62162fc10Gentoo Linux Security Advisory 202309-16 - Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.10 are affected.
ab9712587015dc8f77dfbf72fe294ede502a1c143ab940b07017ea46a539360cThis Metasploit module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource.
9b42a137d2171272114f4f82b7d3c86e4a6e0716fd13735f9ad8df778b17a4bcGentoo Linux Security Advisory 202309-11 - Multiple vulnerabilities have been found in libsndfile, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.1.0 are affected.
61d3be875284b445f1c277826c77b90685e675313e19da3b45afa72eacb5788eRed Hat Security Advisory 2023-5405-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and code execution vulnerabilities.
61b9ae5f5834076931830deb713732d45ab5e8855b2ea683c9d5440e98b32ee8Apple Security Advisory 2023-09-21-1 - Safari 16.6.1 addresses a code execution vulnerability.
766524a7cd017ff0881465c9f9c8e4ddd7862131dbd353efe01b6bc192483827Red Hat Security Advisory 2023-5239-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
45524df89c7207127ca092b7adc930ba289bae5163839a6e1874326b61dec625Red Hat Security Advisory 2023-5264-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
251fc333f220982b50c672eb4d632ab062b755cde0078eae48238e56700200b0This Metasploit module exploits an unauthenticated command injection vulnerability by combining two critical vulnerabilities in Apache Airflow version 1.10.10. The first, CVE-2020-11978, is an authenticated command injection vulnerability found in one of Airflow's example DAGs, "example_trigger_target_dag", which allows any authenticated user to run arbitrary OS commands as the user running Airflow Worker/Scheduler. The second, CVE-2020-13927, is a default setting of Airflow 1.10.10 that allows unauthenticated access to Airflow's Experimental REST API to perform malicious actions such as creating the vulnerable DAG above. The two CVEs taken together allow vulnerable DAG creation and command injection, leading to unauthenticated remote code execution.
bb3e8db54407d69676a1eba8103ab6fd9b1a3d72a85765a5ca4067e046a3ef88An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax_change_faxtrace_settings is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page fail to be sanitized properly before being used in a bash eval statement, allowing for an unauthenticated user to run arbitrary commands.
55b25ea44278a5136992f906756ff24cc7e2991ab7847a6388c6522fffc7a70aAtos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch, and Atos Unify OpenScape BCF suffer from remote code execution and missing authentication vulnerabilities. Atos OpenScape SBC versions before 10 R3.3.0, Branch version 10 versions before R3.3.0, and BCF version 10 versions before 10 R10.10.0 are affected.
e2e8c6ce30a0287849087e96a892584daa40873cf0049db9a9cd2dc86e763b18Red Hat Security Advisory 2023-5178-01 - BusyBox is a binary file that combines a large number of common system utilities into a single executable file. BusyBox provides replacements for most GNU file utilities, shell utilities, and other command-line tools. Issues addressed include a code execution vulnerability.
7c72db5f7b570141670662cc2dbbef8381317a72432a3def63d5b819c76bcea1This Metasploit module exploits a buffer overflow condition in Ivanti Avalanche MDM versions prior to 6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with the NT/AUTHORITY SYSTEM permissions. This vulnerability occurs during the processing of 3/5/8/100/101/102 item data types. The program tries to copy the item data using qmemcopy to a fixed size data buffer on stack. Upon successful exploitation the attacker gains full access to the target system. This vulnerability has been tested against Ivanti Avalanche MDM version 6.4.0.0 on Windows 10.
f923d88a736ee1b1d58c5f717428d9695cfc5a4107837de0f4006d0c4a042202Gentoo Linux Security Advisory 202309-7 - Multiple vulnerabilities have been discovered in Binwalk, the worst of which could result in remote code execution. Versions greater than or equal to 2.3.4 are affected.
629e63c75e19460b55c757d10748c02a2dbe303a368d8e404725f915af8384ddGentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.
6a49581d3fdfb4a2202121f6c5b6544b859edc2a8b279089f9dbccf4ce66b153Gentoo Linux Security Advisory 202309-4 - An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. Versions greater than or equal to 6.23 are affected.
5a06e6649971fc4849f8ff18bd2becdac0040f6dd14b63af1af82e010cf3ebcbGentoo Linux Security Advisory 202309-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution. Versions greater than or equal to 10.01.2 are affected.
1942df8f52d75992217f8bd8dcc306d788649233f8c8deb1d563cbc9ec03f4bfApple Security Advisory 2023-09-11-3 - macOS Big Sur 11.7.10 addresses buffer overflow and code execution vulnerabilities.
e3e9525ad72dffcd0e1b6b70efe0dff251b7497e3738fa4f0c019ffb52130d79Apple Security Advisory 2023-09-11-2 - macOS Monterey 12.6.9 addresses buffer overflow and code execution vulnerabilities.
7a9898c50dc2e6d2a675c03d464d6802e44e6c13add6151062c04e94b34ac492Apple Security Advisory 2023-09-11-1 - iOS 15.7.9 and iPadOS 15.7.9 addresses buffer overflow and code execution vulnerabilities.
839671b537da476dd4b6253246cf449d2077598184f74ee49f54ce065768092dRed Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.
c7bacd29d694aaaaf457349ec19016b4d130ffc214bfce870fe209e62bdbdd3cThis Metasploit module exploits an authentication bypass in Ivanti Sentry which exposes API functionality which allows for code execution in the context of the root user.
ea4bf146aae20e6532518f5f14a0339f6c32348de42b3b15936e869ed48d8e04This Metasploit module exploits a vulnerability found in Online Pizza Ordering System version 1.0. By abusing the admin_class.php file, a malicious user can upload a file to the img/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 22.04.
3002ce5e2a8a96ceb421dddfd1cd12fa3676d726242592bcbe8fb80e7b19715fRed Hat Security Advisory 2023-5044-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
82e90d2ba0cd6032ed008d6aaa2e8803b85aa597c04e711dfc6f323a0f1b3c4aRed Hat Security Advisory 2023-5046-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
dbe2f0dec4150cab698a0c9c3bdc28e71a68d7b1a20a4a7c30418fed2ae13d62
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed