Gentoo Linux Security Advisory 202402-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.12_p20240122 are affected.
f750ece2412bd442b32f28c4f91c17860985bcc25963c561ef6f01fd67d8ff64Gentoo Linux Security Advisory 202402-13 - A vulnerability has been discovered in TACACS+ which could lead to remote code execution. Versions less than or equal to 4.0.4.27a-r3 are affected.
04638808355566c54197cb75af68f1998cbd5ed25d7e8f0a438f1ae5fb0072afJFrog Artifactory versions prior to 7.25.4 suffer from a remote blind SQL injection vulnerability.
0dc96d8c4641266fce6becf3c5ad80a2e19a76708111b79b7cd09269f93269b7Ubuntu Security Notice 6626-3 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.
c4f05b80ddac576aade0f7ae79e18a25f3e6427f2d9176a2bd74aec2add4db82Ubuntu Security Notice 6628-2 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.
8b210c8c777d4cc501999ec7007ed1d81cb230f6a188fd0f09171622aadeb0baUbuntu Security Notice 6638-1 - Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. It was discovered that a buffer overflows exists in EDK2's Network Package An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution.
cb517471393f2b25d84672292a8731ab62b9d85dbfaf6f8ff61eb3870a2e1cb5Ubuntu Security Notice 6636-1 - It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent feature. An attacker able to connect to ClamD could possibly use this issue to execute arbitrary code.
4233521b1bfeb5ef13d5d7a96d44be5ec9fab356eb2b34b1c3a131adc45c3065Metabase version 0.46.6 pre-authentication remote code execution exploit.
12ec4ccc18bfbb1b00d57a614e06d901073104741529ac741a8598bcfc795479Proof of concept code for a flaw in DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 that allows remote attackers to execute arbitrary code on a game-playing client's machine via a modified GPCM message.
1e92f7059d41e8a56d3136af0c61aed8923d09536167ec279c2c6f0c765af5a1Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.
ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0aUbuntu Security Notice 6626-2 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.
f604bb78b46c5c78f8d5c3eebf5d47fd8329d33d9d972d5425768f75ed48b1e8Ubuntu Security Notice 6633-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
054b5c6621a2c15204c6e7c406399951136064dab698608de345f5ebc5be679dUbuntu Security Notice 6632-1 - David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed PKCS12 files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
3abb323919f13a3d84d1a0cd64fcc14e25be794245741c0876d6749101772303Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4b6f4fc061a2d62f4bfc4c023b3a9687f579682d0d0d93b1e1032a14339c54daAn issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.
71ed0ed4b76f256b8bd1404c82d84f6ea9cb5e1dc7d524c924f1e48e87fda240Complaint Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities.
7d59fd41c98ba13cc28a26570e58f683a451359e694067648261bbca1fbe2342IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.
964bea5b3a06403a9b60507182c010125d6a43a4aeb3c4908a6fba63b7df0c99Ubuntu Security Notice 6628-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.
a52607ded902da64c49c773da7fa6fd61683abc0bc5e94297c83cad64b281932Online Nurse Hiring System version 1.0 suffers from a remote time-based SQL injection vulnerability.
fd5be2e764f735e1ef4c43bc361ad2809efa26a662efb41dbedb2d00e771f328Rail Pass Management System version 1.0 suffers from a remote time-based SQL injection vulnerability.
2b693817570fe3a35773eacbfa7f21cab22c9c8e1f9c999e2cbb0f1bb12f6fcfWordPress Augmented-Reality plugin suffers from a remote code execution vulnerability. It is unclear which versions are affected.
c682681fe983347d98d6612c60ba471e9a15008367d394d8d6c0e2e6da56e3d3WordPress Seotheme plugin suffers from a remote shell upload vulnerability. It is unclear which versions are affected.
1ade388b04da4022b843bad94d8d596ef14c15bcdc9e5ca5ea07315175b097cdKiTTY versions 0.76.1.13 and below suffer from a command injection vulnerability when getting a remote file through scp. It appears to leverage an ANSI escape sequence issue which is quite an interesting vector of attack.
9f28adde33c5791a14e7705f8844a344ce30e9443338e16ab264e1393fd4e9a8Ubuntu Security Notice 6626-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.
abb47a750300846b247f677ef4f175df1919ba753b831f8a512ec32984686bf4Ubuntu Security Notice 6592-2 - USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter.
8b05812f1564de798f6fac3b6ba6391af039f74309ab8408b47cb1ef70eee3fa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed