Ubuntu Security Notice 6421-1 - It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service.
16de65c7aa51273ab7badf3eb25eb0e019362a758426776599b21be001099910Ubuntu Security Notice 6420-1 - It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
19c540acc5fd7d8746f07b092b83ebdd2213c5c327acab8774789ac8cbc44831Gentoo Linux Security Advisory 202310-9 - Multiple vulnerabilities have been discovered in c-ares the worst of which could result in Denial of Service. Versions greater than or equal to 1.19.1 are affected.
dba467e1cac9309374c23a8d2f24d647cbf257865cdcc88db8600f113e7af9c7Gentoo Linux Security Advisory 202310-8 - A root privilege escalation through setuid executable and cron job has been discovered in man-db. Versions greater than or equal to 2.8.5 are affected.
e4aabe866e1c6ec648f354ecbe47520ee91be112fc27b1f17b9e4e613a3bc3abGentoo Linux Security Advisory 202310-7 - Multiple vulnerabilities have been discovered in VirtualBox, leading to compromise of VirtualBox. Versions greater than or equal to 7.0.6 are affected.
6f07aa54ccb53955aad4a9ce1685618ec85d82ad34574be40610e01e5006b879Gentoo Linux Security Advisory 202310-6 - Multiple vulnerabilities have been discovered in Heimdal, the worst of which could lead to remote code execution on a KDC. Versions greater than or equal to 7.8.0-r1 are affected.
27611271da9764cfeb6bf4345cc8b0a457073005b818ba42fe2a3f1b4b278d83Gentoo Linux Security Advisory 202310-5 - A vulnerability has been found in dav1d which could result in denial of service. Versions greater than or equal to 1.2.0 are affected.
15db8575893577faba1443afe44bf9503964d5dac132c98026322f40f9dd86cfDebian Linux Security Advisory 5519-1 - Maxim Suhanov discovered multiple vulnerabilities in GURB2's code to handle NTFS filesystems, which may result in a Secure Boot bypass.
69c6c2e6aac12f53f91896003b4bf1c34f93099bdaab89e3995c3c1a344d85baKibana versions prior to 7.6.3 suffer from a prototype pollution bug within the Upgrade Assistant. By setting a new constructor.prototype.sourceURL value you can execute arbitrary code. Code execution is possible through two different ways. Either by sending data directly to Elastic, or using Kibana to submit the same queries. Either method enters the polluted prototype for Kibana to read. Kibana will either need to be restarted, or collection happens (unknown time) for the payload to execute. Once it does, cleanup must delete the .kibana_1 index for Kibana to restart successfully. Once a callback does occur, cleanup will happen allowing Kibana to be successfully restarted on next attempt.
7b00b8eea8f510a8a337e334be1bacd682e8cb1dc1f59ad886193ba45fa3094dBotan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
049c847835fcf6ef3a9e206b33de05dd38999c325e247482772a5598d9e5ece3Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.
27655eb9a3a11f0253a3989eedbe5dd12a1cb92bbb5594ec4c58e5663a454db3eClass Junior version 4.0 suffers from a remote SQL injection vulnerability.
fe25bf20628b95e728482b08a8d3f9ce6bd4e732844de33554a5951468322a2aeClass IP version 2.5 suffers from a remote SQL injection vulnerability.
b711babfc66671ea5103fe26d521747c60621f2c26be69bc9fb4ef7463b6da31Chicv Management System Login version 4.5.6 suffers from an insecure direct object reference vulnerability.
a1f22b058663bc8da61360fc44754976f6b505a75676b87d6ab966e195c4f96cAicte India LMS version 3.0 suffers from a cross site scripting vulnerability.
d6bdd519cdbf391aa1f466dbf921113b4bbdfc1dadd6a058a7f32ab5384d6235
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed