Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
064208411f350866ed68312f72f0c474f0a2ecea1dbbc546d9f0284e9cdd0f9bRed Hat Security Advisory 2023-5426-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
3ed2e8b6e60bd86bf45ecb7063e1303618ab239fe54fef1762deaf1e7cd91dc9Red Hat Security Advisory 2023-5434-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
55db75551df5d65e91a6232d3bdc80d7143a4b523a4393db03a03d549d5795a5Red Hat Security Advisory 2023-5433-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
589cdb160249a0f528723deb3c68b24bc099f0389f2dd4febd03ebee3943e30cRed Hat Security Advisory 2023-5436-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
6339c521f9e98fb44f54c17ce1a387455c69f23a324f7501179f40edd8642711Red Hat Security Advisory 2023-5427-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
101c5a877dbb65a92114af1914da0d90b33ae2e09be9be75b77217517042eab7Red Hat Security Advisory 2023-5437-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
73fdd0ab3c21072c6023907937d5f5aeeba2e0da2ef4f9dc655ceec1f207953cRed Hat Security Advisory 2023-5440-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
d01e31cf97229873790d6cb5c16cd2ec3e8214970386bbec7ae1d19571dd0ed8Ubuntu Security Notice 6404-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Ronald Crane discovered that Firefox did not properly manage memory when non-HTTPS Alternate Services is enabled. An attacker could potentially exploit this issue to cause a denial of service.
80e259f32649d187ed2b81e37bfeb771bc0fd9ede345d9a72f6856ac28f0c3ecElectrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
ac5f10b56496b87847c741037481ca75bcd2e582224891a5fdf49e523b421ad3This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being auto_prepend_file which causes the provided file to be added using the require function. The second PHP function is allow_url_include which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK, that when set to true, will steal the necessary tokens from a user authenticated to the J-Web application, in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.
23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
73d931fd3d0a9ba4c7430142c4e60873dc6b90250043fa116b8116cf5495e494Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.
add9ce48f70949f251aaf9dc376f273010c354d922fa240e65e58d7f6bb3685aDebian Linux Security Advisory 5506-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code
18b459d841c3090b650f653a600f68d9946039a5cb0783b9ed0a8872fac2f6d6Ubuntu Security Notice 6399-1 - It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack.
95522cf54b015802183133101cb54cb3a750d70263f84472aaa0bb06bd499190Ubuntu Security Notice 6398-1 - It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes.
e6b9c23be1704ff9683c7ec1e7ebad7ae3586cc6f747aba35595f86f21361f68Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.
d17f1315e979971a3621829636966df0e1f09cfbdf28fa99e162ce75d2223793WatchGuard Firebox Web Update Unpacker is a small utility for extracting file system images from sysa-dl update files. The unpacker has been tested on firmware for the M400 and M500 series.
1ff788e9f72e2d22db50eb39b4947e9449f4f5d2fa1b7376e688722ed6fcb12dGNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
56029e78a99c04d52b1358094ae5074e4cd8ea9b98cf6855f57ad9af27ac9518Red Hat Security Advisory 2023-5309-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
eb2977aa529aec96d7933b8299cb17b054007739cd2c8bc9d8684c322b8941cdRed Hat Security Advisory 2023-5236-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
ea5e78c890b407a50c05b9560f02141ad75b17dcd4b00efbb6d1707672cd4aeaRed Hat Security Advisory 2023-5214-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
c613a0c2a0e96dd2a7efdefa1cc1266b64722d48fe564a507a17ae0e41255fb2Red Hat Security Advisory 2023-5222-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
b43aea9374b3a7df5041103ea43adcb2dfa3d53a080a4fa63638a49e8f3bff91Red Hat Security Advisory 2023-5197-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.1 ESR. Issues addressed include a buffer overflow vulnerability.
690d92298f57a5071ff1bb04547630021f6d94cf0f49cb5a8d96d206795ce14fRed Hat Security Advisory 2023-5204-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
091cac9220b00b2d6ff05de4a5f1e964ed1096c4a640506a7e19bd4cff1bd6e2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed