Ubuntu Security Notice 5952-1 - Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
4be9c939d6c5718150317af06dec9d65e0170abd7bf4406fda3fcb0f764c8904Debian Linux Security Advisory 5373-1 - Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object.
be782c388a489c999750974e659e9b01cb240c9b62f2c79d5206b4142b32021dRed Hat Security Advisory 2023-1241-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.2.1 serves as a replacement for Red Hat AMQ Streams 2.2.0, and includes security and bug fixes, and enhancements. Issues addressed include an information leakage vulnerability.
ed618e43a99caf808f5a9c584476da99e701b2e08a3182ea9f3714b65fe55e8aThis Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication. When you send the vulnerable endpoint a ZIP file, it will extract an attacker controlled file to a directory of the attackers choice on the target system. This issue is exploitable on FortiNAC versions 9.4 prior to 9.4.1, FortiNAC versions 9.2 prior to 9.2.6, FortiNAC versions 9.1 prior to 9.1.8, all versions of FortiNAC 8.8, all versions of FortiNAC 8.7, all versions of FortiNAC 8.6, all versions of FortiNAC 8.5, and all versions of FortiNAC 8.3.
b72056fdc9840a37268bab3325c1941ddb0082c5918cf14fec39001b268b461dUbuntu Security Notice 5953-1 - It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery attack and leak user's sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that IPython did not properly manage cross user temporary files. A local attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.
491c99dac5302ab0b0478161e426746932c4dea52271650ae6aa5cd67871fce7Ubuntu Security Notice 5951-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
5d323e9a21a3485713966ef0df059371a85e0f0291d7700527ffdd48d8df43cbRed Hat Security Advisory 2023-1158-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.31. Issues addressed include a denial of service vulnerability.
a19feccbce0161454f9c6187a8a2db5cc8dbc554c88b7361d92fab7112e0b0fcWordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppb_toolbox_usermeta_handler().
674779c65bb18dfaab0a0fa556d1fd53cb7d2ec2c26b72c39119b97e5ee59e4cRed Hat Security Advisory 2023-1221-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
67033ed311bb77798e7878a53252ab230558d0e05abd31f6ce01c2f1f8d1f1e5Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.
4e40b595047797d81adf804c2f45bc97a61c115d639ef1d1e21d8aa98767fd4bProof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same container.
7a77b45fcc76d5afb91f7f9e5267626d1904eb000933f05496369762ff8b6fb4Ubuntu Security Notice 5950-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1e4f349bdc847921f3cb129b36ff261d904ef30c69ec58ba085d37c2caee0280Red Hat Security Advisory 2023-1202-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.
81d3d8b27a6fa2c0db23de409ae6c3197b8bebc077e6199e84504e85d6fae24fRed Hat Security Advisory 2023-1211-01 - The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Issues addressed include denial of service and use-after-free vulnerabilities.
5396afc103b8ffb5326b7ab62ff38a74445264e3e9eb7ae9126d459719b4a406Red Hat Security Advisory 2023-1220-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
e53ffa2eceed586cffecd0faa5f72c6a01b9454118272a764afd09e366e45fd1Red Hat Security Advisory 2023-1200-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
fb5b662c33ee92a64bb84971f213cd6f3c7fd87ed32100cc565d248ff7070eafRed Hat Security Advisory 2023-1203-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.
a3d141685ff20e1c646ed2d89ddee00216895375b045979acf44b06ec5599787
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed