Ubuntu Security Notice 4897-2 - USN-4897-1 fixed several vulnerabilities in Pygments. This update provides the corresponding update for Ubuntu 14.04 LTS. Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.
0229f770d8874a0513c2166bf3e303d5654a0a18244de156ea9264cde333f0cdUbuntu Security Notice 6287-1 - Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service.
ff302540a68948d05ae6233fae6500513305acbb977068850f9628c22134174eUbuntu Security Notice 6280-1 - It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service.
1bea4c8076bd6e5ab60c9f0179df73b1cf5eeb858149ac4a60e59726f0ba0fc9Ubuntu Security Notice 6286-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. It was discovered that some Intel Xeon Processors did not properly restrict error injection for Intel SGX or Intel TDX. A local privileged user could use this to further escalate their privileges.
c0c75d64309f39dd0c71d8e92d6ad8cf29041158c1a43956be78cc32f0d30aa2Debian Linux Security Advisory 5476-1 - Multiple vulnerabilities were discovered in the RealMedia demuxers for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
45d6e8fe829f87a9d45b74ad980ae09595dfedfcd4a24f1d353c0ff0b264dcafjSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
f10e3bf405f1fc962e8bef1980943cec5018e07f66ce5260c0f04edd579c6bffUbuntu Security Notice 6283-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.
d89ea852ace9ebfc7bd58b09a638e52edb508a4626f5a1fe5c5fc2bf4bbdc318Ubuntu Security Notice 6284-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
ec651fa855268fc14d26e263a73563801aeb8755bc99a7ff2e1209758b7c0a17Ubuntu Security Notice 6285-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
c7303f43ba77d16cc931ee8b1c0d2f16d00a561cedb386fa837bfed417cd59f3Advantech EKI-1524-CE series, EKI-1522 series,and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities.
c3a6cbea79ff546db8165bd3b5e329dfc66aec81cd06ea79d913dda8ae9f889bPhoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.
a587bb9bbd0a7bc6b304a09099ebed341f33e4b48fa43bcad73ec180522c55d2This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and more!
ccd5eff55c0f2d978fd9aeb246beff5116650ca8cf92390516addb006dcf5583Qualys scanners use the ssh-rsa algorithm for pubkey signing in its attempt of SSH login. Modern SSHD servers reject pubkey login with ssh-rsa, so Qualys is unable to scan up-to-date Linux e.g. Debian12 or RHEL9. Qualys does not check the list of pubkey signing algorithms accepted by SSHD servers, and therefore cannot notify about any insecure ones.
9cc12364accc88c8da5dc14fcda696933b5a5d17343558cadfdb7480fa60e6faRed Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.
528c9d58b6e45e077bc24566369ae07e0edd29ac2d852cf5fcdab7f12d8ed270Red Hat Security Advisory 2023-4625-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
523284018ab36eaf368af6109e2b337f6b0d5a8bd5908b3fe50a6989ebeb6a7eRed Hat Security Advisory 2023-4623-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
8d3e367ab18305b5a0b96bb1244608306a68e1e59432663f9a25f0f05f5c0e6aRed Hat Security Advisory 2023-4624-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.
e0f5c7eca180931c2dd41e9bf1359f55373aefa75a8399a487be13af264d36efBookingWizz version 6.0.1 suffers from an information leakage vulnerability.
14dc808fba0c29bec381b92941a79a68db7e7dccd2b66351dfa0ae504f014329E-commerce Growisei CMS version 2.0 appears to leave default credentials installed after installation.
b549c22479bc881ac0ce28a4c4ceea4ae7a1618e0f8e14ffc39e65010f3dc20fDBCInfoTech CMS version 2.0 suffers from an unauthenticated administrator reinstall vulnerability.
ee4695049fa78cdc4416bf9c9d888b2f016dd969d8de33f1716e9c35a8c42a9fEducation Time Indonesian School CRM version 1.7 suffers from a cross site scripting vulnerability.
77618beacec0c289a4aea53e4b0a7defb69006eae75c7aa9569481269ddcd23dEden CMS version 1.02 suffers from a cross site scripting vulnerability.
630fc795c3e5190be18343a06f18966cff7b4b647a208473387fd510f0ff5a90Ecommerce Responsive version 1.2 suffers from an insecure direct object reference vulnerability.
564898b789a9a93cde9f20cbbc717b9082bd02138f74c6c760f6a3b3ee5915e6E-Biz CMS version 2.0 suffers from a cross site request forgery vulnerability.
0051b3ec1334ec05af6d228c8a79d4a9b5645a0e801b6a2ea22a9b8fb0623d1dEasyPX CMS version 06.02.04 suffers from a cross site scripting vulnerability.
a3f28c088ff341f6a0fa5681eaba61ef33b9b9c90cbf2bcc812fbe88658d9da3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed