Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.
f811fdb59918d1ff6c0f69e7c41be61c5a9681f083aca6ccdb106ccc1fb89b43Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
48e8f6ab38e454ffe37a65ae74aa96cb5b3942a28276a0cc0f3a974d4716ae83Ubuntu Security Notice 6726-3 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
fbdef91004d190c96cf4e043eaae82ae1153ee17c38e14e93c908daa2a909e66Ubuntu Security Notice 6726-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
729c2c491401a2ba3cbcc24fc7e792dce6e1d41caac420160758655bfe67ca27Ubuntu Security Notice 6725-2 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
6d7cd6326721629b499ff1a4ed3916c1134b9cf7a03933ebb2aad8ffbd18a71dCentreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.
68173f83f0f09f1ae43ac3a78cd02b33b6ccf09520b2e1d1d103a308c74bddd3Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.
dfebcedb7a860d4a621a8d974617128c42cd5bb110089a91567169351a2f584dUbuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
de34dd341ebb6d403b4c828166ceeda34879902207f833c29fa8ffd18d7ee2adThis Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and escalates privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.
fc2503cafa5ba3115896a3dc2baf8a4ded20d177d35f6003c3053acbcc5a8f5aGLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin.
0937b05f1fb5c8e26650b3ff3036018e86cdfd467308fd6c3e1b37d5aa588d9cBMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability.
3c3484f8fcc75a92702655ca438887e9feb947e1b2bba0fc5284d6ea230f3db7Kruxton version 1.0 suffers from a remote SQL injection vulnerability.
9848e498414e8e0e14e12064a9a285c3bc570dd55bd67b2940d83dc1a77c56cdKruxton version 1.0 suffers from a remote shell upload vulnerability.
eac82a8882065fad4041f5e76566b23a349a9bac77c6028731f1d06a43bc4ca4WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.
18873adacfde1b4805b4a6b105109b6e4a03d0a85a9440207f1364a7e3ae897bAMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.
d20b6ec27d1eeff141c08bd7cfa9127bb8953085c6f65df0d3f8a8e79abd9901Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.
e3ce711f4b8356d012259f34f7f227e8907a46d0f7af6bb3c35ce4c0de5a0e57Online Fire Reporting System version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9342b7d21282ed54ce4702c6cda7276732332887ecb951f160125d0470ad7553Stock Management System version 1.0 suffers from a remote SQL injection vulnerability.
ee8f6806eb002eeb79308e1f582300e6c9e5c6963aed8ff7b5b730994fc80298Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.
b6b856a665b8ccd0c761b17ac9d0990bb16f01e11f4e9c76e440d6681ef8b0fdUbuntu Security Notice 6727-2 - USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.
98f7aae4d30d1b37976aae71c2f8f3d1c09fb49865d4abec3139169342e9663aTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
8f2bdf90e63380781235aa7d604e159570f283ecee674670873d8bb7052c8e07Ubuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.
2c691be3dfb8ed61396b4eb86ac7b035f8344a516e272f6ffb13c26ac0186bd9Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.
0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.
c9a980c32c2ef96069eee9285fdd53c5aa4c12d940c776810cbfff41a398c101
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed