Ubuntu Security Notice 6228-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service. Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service.
8f8d865f126b85f6192802686006792982825aabae2c18b91344b0520edee04fUbuntu Security Notice 6227-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
f640fac519450266c1c770b5325b750304800d206c35f5e92462b3a60f72daedThis Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.
aebb2b8cda994128d286f0b5a8a2c8b51efa5ec61f35fe1de15ab837e050e5a1Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
a79f7b04cbff823e30452abf4bcb86773d8583eb62d5f71f16c09f019f8a8777Ubuntu Security Notice 6226-1 - It was discovered that SciPy did not properly manage memory operations during reference counting. An attacker could possibly use this issue to cause a denial of service. A use-after-free was discovered in SciPy when handling reference counts. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
9d2dd1fa6cac4323e2fa67d03ab75e2f0c6c65f9af41d91cfb9e843b0eee55c2Red Hat Security Advisory 2023-4071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Issues addressed include a use-after-free vulnerability.
415c9f57b0e965340a3db7f751a859273ccdc98c17b9a4f8ad95d01411be1e38Red Hat Security Advisory 2023-4066-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.
65df53a37c00390e86411c5ac0819ae395290de5b964807ad44432192f692613Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
30c84fe919936a98fef5331f246c62aa2c0e4d2085b2d4511207f6a20afa3a6bUbuntu Security Notice 6225-1 - It was discovered that Knot Resolver did not correctly handle certain client options. A remote attacker could send requests to malicious domains and cause a denial of service.
8220e4a62a5327500b537f514d977f82276ff1c8308e60bf856fc2fd6cdd150aRed Hat Security Advisory 2023-4062-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.
b6b913fba4587cad108af02878b1a02817ac40e8cb699ac334850662f5e3e1ffBloodBank version 1.0 suffers from an insecure direct object reference vulnerability.
49470d99541f350858916b749302badf014dd973b92f8e2e73c67585b2537da0Ubuntu Security Notice 6224-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service. Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service.
f593341af82820764290fe3e978ab346352c20e780a4e75238de18994e9a02e8Red Hat Security Advisory 2023-4070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Issues addressed include a use-after-free vulnerability.
acfc6011ff1533dde8175520fa8947e6f85d351be76f8e36ee4f52d88a0b8988Bloly version 1.3 suffers from an add administrator vulnerability.
a8d6a2e82d7525c317b78b6f2c58f326d2d746fcc375e7473b12fe832ea4cc1cRed Hat Security Advisory 2023-4064-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.
5d1968df27b56d1fa66930d04167ed39d72876a340081d1c13e3717dc0cd048eUbuntu Security Notice 6223-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.
6734417eac361fe013105bbc41e89886a385309d8bc7bdc98d05b21ba8977cd8BKMobile CMS version 1.5.0 suffers from a remote blind SQL injection vulnerability.
817cb279fd0f67796933e525ed7730badeb4b3e9a0e923001a4603ec42a86e0dRed Hat Security Advisory 2023-4058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
6492bd009a04e6e16595710053c2d611ef5fe922273eaa1c43bfa22a51e8ab3aRed Hat Security Advisory 2023-4065-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.
defb74e67dceae8cd827500c34dea418d05ae8bf1290b92106f7fac52cd30147Ubuntu Security Notice 6222-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.
94dbf49a52b22f22555588a1537c9f53427bb276aea89e1ea9e550c810bfd1d7Ubuntu Security Notice 6221-1 - It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that the virtual terminal device implementation in the Linux kernel contained a race condition in its ioctl handling that led to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
aad528fdb86e9bbeb6b879040fabb3eb8de4a6b4026eb87e0cb5da1c148cb4d8Blogator Script version 0.93 appears to leave default credentials installed after installation.
f4ba1f7c19926fbb767132bc8f10cd7d04f7c85da3aff64b4fac6348372312b2Blackboard version 2.0.2 suffers from a database disclosure vulnerability.
69cfd0715c11702d44f48382ee72a9c82a1e54680430fbedc52b9b31e7233b08Red Hat Security Advisory 2023-4075-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.13.0 ESR. Issues addressed include a use-after-free vulnerability.
7fbd4c61fedb77c5903507aebcf08dcb3f3cb42370b7c1b04767d11d7d5d15b5Red Hat Security Advisory 2023-4067-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Issues addressed include a use-after-free vulnerability.
4c4d2056a439d1783d24796ce73369bd0648ddc9c9f231329ec2b38665f7f78e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed