Ubuntu Security Notice 6259-1 - Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior.
11add8b04ad913d8a0d55bdb51820f2c3df6cc99cc46d3fb35aa47446b9c769fUbuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
a4384a0d58c965d16d9a12fe71bc79afb9b36f12a4660d6419a9dae8338f976aRed Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.
ce4492864dcb382a006d5197438c039f97330f652c6c8aed7cc631262735dfe7Red Hat Security Advisory 2023-4225-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.6.
1ee5cc88afc05f04f8cab5e69c08e0c0eb450ca34081c1800b05f30e7d89899bDebian Linux Security Advisory 5460-1 - It was discovered that Curl performed incorrect file path handling when saving cookies to files, which could lead to the creation or overwriting of files.
6e2f994d08396a20ab9a51c73c0d306c696b60020ddc145cb1423220ed1abd2bTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
a5ac67f6466380fc05e8043d01c581e4e8a2b22fe09430013473e71065e65df8Ubuntu Security Notice 5193-3 - USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.
1eb1ddb27fbb758f427c0bf5ea4ee429be3e11990390a1e22ded9d1a9f2be38eUbuntu Security Notice 6258-1 - It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. This issue only affected llvm-toolchain-15.
15c885edb7e0ba7f4983c7a40211df4b440b82848835df91fc7c1e82a2b8501aXLAgenda version 4.4 suffers from a cross site request forgery vulnerability.
b32d86f04f194dce3c7ff53cbf3caca6972b63541fb6d557a75d1b79c5076778WonderCMS version 0.6-Beta suffers from a password disclosure vulnerability.
7730fce6db7c8209b7f075de09ab07291b78604414042879ee1427de2ab0f527xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.
361651b4acd30ddc2f3f044531153e1a0b18342e97aaf21d8d9a9cdeebb3c58cUbuntu Security Notice 6257-1 - It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
9874c20b43c69ee280343a66768f47a879830a6aa5d20f830e0e79427463ade2Ubuntu Security Notice 6256-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.
53c2946b5d19f257334d1182e7199b58771f576b4b09ca7d1fb73edd8b8401a3B-OBEC version V.092019 suffers from a remote SQL injection vulnerability.
5a322b9d3bddaaa850e7f2eb9c8fa01c12d8bc7f0f77059234b6bbe521e18c21BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6c44b20654cc1ac0bd5815441e8f32129376fb466e937a80b8c808e94f6eee08Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
b92e45b5821cbc38a01a9f4fad300b0ca630b46f0b15c730d3315c01259ea4d7Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
1e2b8ec0277e95d223b5e93c67cebd05ba8613dd04c6a60f215d9837febfb0b2Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.
a6c7962adce03ec3f046c6f9917c53d0076af524b7a7d3efc40bc00d003762f8Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
0faaa1a4c904d2777eb8f39748a9d767eddb9f41659d19079b8dcbea4f5d81efAMSS++ version 5.21.09 suffers from a remote SQL injection vulnerability.
d6eff57f5ad369547a8526cb80208127f9e3dca31c5ffa7cd2842cd831b083a6AMS Logistics version 2.2 suffers from a remote SQL injection vulnerability.
c055825a498e3cdbb7ec70ab1ea8dd878ae30e419ded9bd11a3d50cac6ee442aRed Hat Security Advisory 2023-4286-01 - Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
d5d35601175060e7441b9a1481c61970c832969895ba21bcfab1b55787d9e0f1Red Hat Security Advisory 2023-4287-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
a75172f933e219fbd1aa1cf9b0907e6aa8d24bc3d9ee8ea4185026c5823cbd75Aicte India LMS version 3.0 suffers from a remote SQL injection vulnerability.
291c97f85e73d82a9c9afa4293289afa389b5c4dfb9e3199019c3c6d954331a9Buzzy News Viral Lists Polls and Videos version 2.5.1 appears to leave default credentials installed after installation.
5ed91b51bdf7efaa67ae9bf7fba6a1066c2ab71217d47b8a8ad0b9d7d469dbaa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed