Ubuntu Security Notice 5617-1 - It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Julien Grall discovered that Xen incorrectly handled memory barriers on ARM-based systems. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or escalate privileges.
650005c21b26b7970b9035b36b8dca3aa7d9fbba307cbcf7d4eded34c754cfb8
Ubuntu Security Notice 5613-2 - USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression. It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. It was discovered that Vim was not properly performing checks on the names of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
002c02114fee54074c33b853c60e7bab399be235d6002d18845e35b96a8f5d54
VIAVIWEB Wallpaper Admin suffers from remote shell upload and remote SQL injection vulnerabilities.
2adfb8f70f50742a66bf5ad5b7a1bccff06637cf13ee52a9534547c07ead30ed
Ubuntu Security Notice 5616-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
480c1cb29e7c2e73e7609ec70dbc18c52181780c5a281e11ecbd77c9689870c2
SoX versions 14.4.2 and below suffer from a division-by-zero vulnerability when handling WAV files, resulting in denial of service and possibly loss of data.
de24687825a9cff7e5ad1404c4b0d0dc865d45066f152f4d7a7a508384aca180
Red Hat Security Advisory 2022-6551-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. Issues addressed include denial of service, information leakage, privilege escalation, and use-after-free vulnerabilities.
b6b288369992a125e61cf713243fbc771ddaa180c88cffe38888b1fae6e5a6e9
PhotoSync version 4.7 suffers from a local file inclusion vulnerability.
f5e6b3cd183e91afacf647b3547160e0d93026087e059f1843c8761cd5e32985
Owlfiles File Manager version 12.0.1 suffers from local file inclusion and path traversal vulnerabilities.
5e1df728b64bebf1797218fca034b9eeed532e773c31131307d679d65b406b40
Red Hat Security Advisory 2022-6541-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include file overwrite and traversal vulnerabilities.
31e06af192874dd30d3a85b7cb09c29d3a3dcfb884ab079d8e1ed05690b96675
OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.
4463bea9399b42e27cadceb696475f29a869f99cd0cfa6c5ded3a40898daf09c
WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross-site scripting vulnerability.
dd8e52981b226511a35efc2482778941e5de97075699192860753ae706085694
Genesys PureConnect as of their build on 08-October-2020 suffers from a cross-site scripting vulnerability.
2232d00fcafe4584b543e46f696b904d45b43d8ecf53a41949a52a39eaffc149