Ubuntu Security Notice 6502-4 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6496-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-7616-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.
CE Phoenix version 1.0.8.20 remote code execution exploit written in Python.
Ubuntu Security Notice 6526-1 - It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue to cause GStreamer Bad Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 6522-1 - It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Online Student Clearance System versions 1.0 and below suffer from a remote shell upload vulnerability.
Red Hat Security Advisory 2023-7581-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7580-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-7579-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
WordPress Royal Elementor Addons and Templates plugin versions prior to 1.3.79 suffer from a remote shell upload vulnerability.
Red Hat Security Advisory 2023-7545-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
Ubuntu Security Notice 6508-2 - USN-6508-1 fixed vulnerabilities in poppler. The update introduced one minor regression in Ubuntu 18.04 LTS. This update fixes the problem. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6520-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6502-3 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6518-1 - Luis Rocha discovered that AFFLIB incorrectly handled certain input files. If a user or automated system were tricked into processing a specially crafted AFF image file, a remote attacker could possibly use this issue to cause a denial of service via application crash.
Ubuntu Security Notice 6502-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6516-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
SmartNode SN200 versions 3.21.2-23021 and below suffer from a remote command execution vulnerability.
PopojiCMS version 2.0.1 suffers from a remote command execution vulnerability.
CSZ CMS version 1.3.0 suffers from a remote command execution vulnerability. Exploit written in Python.
CE Phoenix version 1.0.8.20 suffers from an authenticated remote command execution vulnerability.
Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
Gentoo Linux Security Advisory 202311-10 - Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution. Versions greater than or equal to 1.27 are affected.