Red Hat Security Advisory 2023-4910-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section. Issues addressed include denial of service, information leakage, integer overflow, and out of bounds write vulnerabilities.
eb75438ef29d3419f6725183bfbeb51f52079fcb4b05c04f5a9dab7196252540Red Hat Security Advisory 2023-4909-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section. Issues addressed include denial of service, information leakage, and integer overflow vulnerabilities.
42d63a53d46500f97ac09efb36b14aeae78e4c4154a0783587555b21ea3cde1cUbuntu Security Notice 6335-1 - It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code.
ce6cd273a2adefd9dc9d4b39d27ed6ba12c30e3105c870f8b4e96eaa14d28bc3Ubuntu Security Notice 6334-1 - Peter Wang discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. Andreas B. Mundt discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. Johannes Krupp discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server and make the server to disclose /etc/group data.
3bdd531c8758e85af1a9dc219bf472e81e0cf00af872e44aefe3ded2b15188f4Ubuntu Security Notice 6333-1 - Junsung Lee discovered that Thunderbird did not properly validate the text direction override unicode character in filenames. An attacker could potentially exploits this issue by spoofing file extension while attaching a file in emails. Max Vlasov discovered that Thunderbird Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.
de1cdeefaa54cbd5ac2ba23369fd0091cdef1507fcdebab7399ef5c6b2b74e13Debian Linux Security Advisory 5488-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
c4b9ef34e56f966dc628297fcd9a209fc6e8f676919d45454be8a2f6a9cac139jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
c2fbf8bf0a47c670fad1bee18fdc18a0b6b5257d83d819dce0dc4303a17f79e8There is a race between mbind() and VMA-locked page faults in the Linux 6.4 kernel, leading to a use-after-free condition.
78b0a4905933278287d325ebef0bf5c144a4c579eaaf4874daf17a797f5aa2b7NVClient version 5.0 suffers from a stack buffer overflow vulnerability.
abd3909daaf63482eae8d1670f83664e68a0dc2a1099d512a7df9789899192c7CSZ CMS version 1.3.0 suffers from multiple persistent cross site scripting vulnerabilities.
9b94dac81267b78ab87830aff4334c9f75589fa563e0c0d8dac51942e11ccd07nullcon Goa 2023 will be having a live bug hunting competition to win money. Registration deadline is September 7, 2023. The conference will be held September 22nd through the 24th, 2023.
1cd891b4b4f7b63a38bb73250b01e63e89e37a5c67f9dcf2487b0a4a3db90a52AdminTLE PiHole versions prior to 5.18 suffer from a broken access control vulnerability.
9b8c890163587c6b86432ce2b114aa227620678fe2ad0b6011239c3105f1be06Ivanti Avalanche versions prior to 6.4.0.0 suffer from a remote code execution vulnerability.
fbb31ff5f38dd146b12a471e205d680b8205fc2fdb41ac774f03201dcb313808ImpressionTech CMS version 1.4 suffers from a remote SQL injection vulnerability.
7032b1e074d75927ade21c93b6ef6a9107eb57b2322cb16a4880374746b827aeImpress CMS version 1.3.9 suffers from an open redirection vulnerability.
e2fcf8fc68a8d805a84ed27217308849c526fd9c890e5ac538f4522ab18908e7ImgHosting version 1.3 suffers from a html injection vulnerability.
191405965601ade0d4bd0ce91b2f3150036b54e91e9ed959a9c38087ce9f2322Humhub version 1.3.13 suffers from a remote shell upload vulnerability.
7a715a33400e2add27f596f876eb05f01d21b959756f68afee12e2b91ef7ac46
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed