Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
064208411f350866ed68312f72f0c474f0a2ecea1dbbc546d9f0284e9cdd0f9b
Red Hat Security Advisory 2023-5426-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
3ed2e8b6e60bd86bf45ecb7063e1303618ab239fe54fef1762deaf1e7cd91dc9
Red Hat Security Advisory 2023-5434-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
55db75551df5d65e91a6232d3bdc80d7143a4b523a4393db03a03d549d5795a5
Red Hat Security Advisory 2023-5433-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
589cdb160249a0f528723deb3c68b24bc099f0389f2dd4febd03ebee3943e30c
Red Hat Security Advisory 2023-5436-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
6339c521f9e98fb44f54c17ce1a387455c69f23a324f7501179f40edd8642711
Red Hat Security Advisory 2023-5427-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
101c5a877dbb65a92114af1914da0d90b33ae2e09be9be75b77217517042eab7
Red Hat Security Advisory 2023-5437-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
73fdd0ab3c21072c6023907937d5f5aeeba2e0da2ef4f9dc655ceec1f207953c
Red Hat Security Advisory 2023-5440-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
d01e31cf97229873790d6cb5c16cd2ec3e8214970386bbec7ae1d19571dd0ed8
Ubuntu Security Notice 6404-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Ronald Crane discovered that Firefox did not properly manage memory when non-HTTPS Alternate Services is enabled. An attacker could potentially exploit this issue to cause a denial of service.
80e259f32649d187ed2b81e37bfeb771bc0fd9ede345d9a72f6856ac28f0c3ec
Electrolink FM/DAB/TV Transmitter exposes an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
ac5f10b56496b87847c741037481ca75bcd2e582224891a5fdf49e523b421ad3
This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD, and every FreeBSD process can access its stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first is auto_prepend_file, which causes the provided file to be added using the require function. The second is allow_url_include, which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option, JAIL_BREAK, that when set to true will steal the necessary tokens from a user authenticated to the J-Web application in order to overwrite the root password hash. If there is no user authenticated to the J-Web application, this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.
23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517
Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
73d931fd3d0a9ba4c7430142c4e60873dc6b90250043fa116b8116cf5495e494
Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java-based web server and servlet engine.
add9ce48f70949f251aaf9dc376f273010c354d922fa240e65e58d7f6bb3685a
Debian Linux Security Advisory 5506-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
18b459d841c3090b650f653a600f68d9946039a5cb0783b9ed0a8872fac2f6d6
Ubuntu Security Notice 6399-1 - It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack.
95522cf54b015802183133101cb54cb3a750d70263f84472aaa0bb06bd499190
Ubuntu Security Notice 6398-1 - It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server into leaking information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes.
e6b9c23be1704ff9683c7ec1e7ebad7ae3586cc6f747aba35595f86f21361f68
Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.
d17f1315e979971a3621829636966df0e1f09cfbdf28fa99e162ce75d2223793
WatchGuard Firebox Web Update Unpacker is a small utility for extracting file system images from sysa-dl update files. The unpacker has been tested on firmware for the M400 and M500 series.
1ff788e9f72e2d22db50eb39b4947e9449f4f5d2fa1b7376e688722ed6fcb12d
GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
56029e78a99c04d52b1358094ae5074e4cd8ea9b98cf6855f57ad9af27ac9518
Red Hat Security Advisory 2023-5309-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
eb2977aa529aec96d7933b8299cb17b054007739cd2c8bc9d8684c322b8941cd
Red Hat Security Advisory 2023-5236-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
ea5e78c890b407a50c05b9560f02141ad75b17dcd4b00efbb6d1707672cd4aea
Red Hat Security Advisory 2023-5214-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
c613a0c2a0e96dd2a7efdefa1cc1266b64722d48fe564a507a17ae0e41255fb2
Red Hat Security Advisory 2023-5222-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
b43aea9374b3a7df5041103ea43adcb2dfa3d53a080a4fa63638a49e8f3bff91
Red Hat Security Advisory 2023-5197-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.1 ESR. Issues addressed include a buffer overflow vulnerability.
690d92298f57a5071ff1bb04547630021f6d94cf0f49cb5a8d96d206795ce14f
Red Hat Security Advisory 2023-5204-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
091cac9220b00b2d6ff05de4a5f1e964ed1096c4a640506a7e19bd4cff1bd6e2