Ubuntu Security Notice 4897-2 - USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.
0229f770d8874a0513c2166bf3e303d5654a0a18244de156ea9264cde333f0cd
Ubuntu Security Notice 6287-1 - Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service.
ff302540a68948d05ae6233fae6500513305acbb977068850f9628c22134174e
Ubuntu Security Notice 6280-1 - It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service.
1bea4c8076bd6e5ab60c9f0179df73b1cf5eeb858149ac4a60e59726f0ba0fc9
Ubuntu Security Notice 6286-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. It was discovered that some Intel Xeon Processors did not properly restrict error injection for Intel SGX or Intel TDX. A local privileged user could use this to further escalate their privileges.
c0c75d64309f39dd0c71d8e92d6ad8cf29041158c1a43956be78cc32f0d30aa2
Debian Linux Security Advisory 5476-1 - Multiple vulnerabilities were discovered in the RealMedia demuxers for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
45d6e8fe829f87a9d45b74ad980ae09595dfedfcd4a24f1d353c0ff0b264dcaf
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
f10e3bf405f1fc962e8bef1980943cec5018e07f66ce5260c0f04edd579c6bff
Ubuntu Security Notice 6283-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.
d89ea852ace9ebfc7bd58b09a638e52edb508a4626f5a1fe5c5fc2bf4bbdc318
Ubuntu Security Notice 6284-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
ec651fa855268fc14d26e263a73563801aeb8755bc99a7ff2e1209758b7c0a17
Ubuntu Security Notice 6285-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
c7303f43ba77d16cc931ee8b1c0d2f16d00a561cedb386fa837bfed417cd59f3
Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities.
c3a6cbea79ff546db8165bd3b5e329dfc66aec81cd06ea79d913dda8ae9f889b
Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.
a587bb9bbd0a7bc6b304a09099ebed341f33e4b48fa43bcad73ec180522c55d2
This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and more!
ccd5eff55c0f2d978fd9aeb246beff5116650ca8cf92390516addb006dcf5583
Qualys scanners use the ssh-rsa algorithm for pubkey signing in their attempts at SSH login. Modern SSHD servers reject pubkey login with ssh-rsa, so Qualys is unable to scan up-to-date Linux systems, e.g. Debian 12 or RHEL 9. Qualys does not check the list of pubkey signing algorithms accepted by SSHD servers, and therefore cannot notify about any insecure ones.
9cc12364accc88c8da5dc14fcda696933b5a5d17343558cadfdb7480fa60e6fa
Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.
528c9d58b6e45e077bc24566369ae07e0edd29ac2d852cf5fcdab7f12d8ed270
Red Hat Security Advisory 2023-4625-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
523284018ab36eaf368af6109e2b337f6b0d5a8bd5908b3fe50a6989ebeb6a7e
Red Hat Security Advisory 2023-4623-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
8d3e367ab18305b5a0b96bb1244608306a68e1e59432663f9a25f0f05f5c0e6a
Red Hat Security Advisory 2023-4624-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.
e0f5c7eca180931c2dd41e9bf1359f55373aefa75a8399a487be13af264d36ef
BookingWizz version 6.0.1 suffers from an information leakage vulnerability.
14dc808fba0c29bec381b92941a79a68db7e7dccd2b66351dfa0ae504f014329
E-commerce Growisei CMS version 2.0 appears to leave default credentials installed after installation.
b549c22479bc881ac0ce28a4c4ceea4ae7a1618e0f8e14ffc39e65010f3dc20f
DBCInfoTech CMS version 2.0 suffers from an unauthenticated administrator reinstall vulnerability.
ee4695049fa78cdc4416bf9c9d888b2f016dd969d8de33f1716e9c35a8c42a9f
Education Time Indonesian School CRM version 1.7 suffers from a cross site scripting vulnerability.
77618beacec0c289a4aea53e4b0a7defb69006eae75c7aa9569481269ddcd23d
Eden CMS version 1.02 suffers from a cross site scripting vulnerability.
630fc795c3e5190be18343a06f18966cff7b4b647a208473387fd510f0ff5a90
Ecommerce Responsive version 1.2 suffers from an insecure direct object reference vulnerability.
564898b789a9a93cde9f20cbbc717b9082bd02138f74c6c760f6a3b3ee5915e6
E-Biz CMS version 2.0 suffers from a cross site request forgery vulnerability.
0051b3ec1334ec05af6d228c8a79d4a9b5645a0e801b6a2ea22a9b8fb0623d1d
EasyPX CMS version 06.02.04 suffers from a cross site scripting vulnerability.
a3f28c088ff341f6a0fa5681eaba61ef33b9b9c90cbf2bcc812fbe88658d9da3