Debian Linux Security Advisory 5551-1 - Debian appears to have forgotten to put the actual details of the advisory in this advisory, but they recommend that you upgrade your chromium packages.
fb35142982fe3ab19f5d2666c960a025582687bfa11537528733231c5f3a4e55Maxima Max Pro Power with firmware version 1.0 486A suffers from a BLE traffic replay vulnerability that allows for arbitrary unauthorized actions.
848da42a3cba176c31cc48115f21f236e59a1cedd1fc18d58aff719036d2ea72The Microsoft Windows kernel suffers from a containerized registry escape through integer overflows in VrpBuildKeyPath and other weaknesses.
c1feae840787713bb89848cc8ba310ff0f5a1d43e23d59e1de207223ba6d1278Ubuntu Security Notice 6474-1 - It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions by PAM.
80f11e75bf9e200fb554e96ade8114b9c0c6defa3ccbc799491f881b3afd2f6aZephyr RTOS versions 3.5.0 and below suffer from a multitude of buffer overflow vulnerabilities.
a7c59cc89cb9ce2fcf88b9ff433accbf339f75522df978dd46fbde16839fcaa8Ubuntu Security Notice 6465-3 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.
5bf6952e8660d03e5c815358443efb598d8acc647e8be58c7accc9d18d79a075Ubuntu Security Notice 6462-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
4c16f3fdcebfc5b44dc509e5a5feb0ff4952b6fea4797784253d2182ab528765WordPress Contact Form to Any API plugin version 1.1.2 suffers from a remote SQL injection vulnerability.
cdc7feca4e1dcd6a83bd3315a3f454b58d1d6e1242d0204dabad94ba921dc08dUbuntu Security Notice 6473-1 - It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that urllib3 didn't strip HTTP Cookie header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
01c8788f56d352f691cc6e76bb162b2e9e247c8c99c3c08204defa5099ea0fa8Debian Linux Security Advisory 5550-1 - Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, an open redirect or command injection.
7a7f9ca4bb5abfa98cf53aa0ca9aa66f7e866e296a2de95a9bff10d7bbd41b98The !CVE Project is an initiative to track and identify security issues that are not acknowledged by vendors but still are important for the security community.
b048c73843bf5ec0efa0043743dba221a703c3a314b73dbc5a6b254795d5cb61Debian Linux Security Advisory 5549-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or information disclosure.
06b531869de4400f36aa992d6b50615be2536465773861a5ff199f2168e9638cPenglead version 2.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.
aad0a8f1f099096020f31cfa1d95cf247087344cc3af7be040e0b53f6b1a8763Ubuntu Security Notice 6472-1 - It was discovered that GNU Scientific Library incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
ee46cc1348fac3b01799f726b3a8b754e2924cfd5e1a27c557416b025fc3f915Debian Linux Security Advisory 5547-1 - Francois Diakhate reported that a race condition in pmix, a library implementing Process Management Interface (PMI) Exascale API, could allow a malicious user to obtain ownership of an arbitrary file on the filesystem when parts of the PMIx library are called by a process with elevated privileges, resulting in privilege escalation. This may happen under the default configuration of certain workload managers, including Slurm.
39efa76cc8a3596e2e40ef1e5ebd3700cc07cf1223a1a98676deddeadbf37944Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities.
1293dd53eba4aa74cf6c558126950c2f55c798bfedd091d0f8f110a3cbdba570This is a script that checks the WordPress WP Rocket plugin to see if it is a version vulnerable to local file inclusion.
c3229af0a58a90826c202f67b9967c50d32d7265ad9cc923c136a59dbeebe883Ubuntu Security Notice 6471-1 - It was discovered that libsndfile contained multiple arithmetic overflows. If a user or automated system were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a denial of service.
ef5911d47e87e6621b038f2dfa708f040f8897781dc6ecb269d16126a071d2b9Debian Linux Security Advisory 5548-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service.
48af3d3ffbe965ace816c245eec6ea9e16d4e10c2d52dae48933a2e83f66cb47Travel version 1.0 suffers from a remote SQL injection vulnerability.
ac6aa5732240ade04ba1428e983e06a776d211b34482255a55bcc84f1fa934f3Ubuntu Security Notice 6470-1 - It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
448577447601ebe3fd9e50066d4b2a0042c028211e054bad6088d7b0cba693ecUbuntu Security Notice 6467-2 - USN-6467-1 fixed a vulnerability in Kerberos. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. Robert Morris discovered that Kerberos did not properly handle memory access when processing RPC data through kadmind, which could lead to the freeing of uninitialized memory. An authenticated remote attacker could possibly use this issue to cause kadmind to crash, resulting in a denial of service.
4ad54c4af0a327b2b9f359c37f69c2f7664b99f4cfba86aaa9ed3fd9f04dd692Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability.
986a6a30ea7adf858f93cd9304ca33cc1f614bef0d19105c32efe8071261901fUbuntu Security Notice 6469-1 - Ashley Newson discovered that xrdp incorrectly handled memory when processing certain incoming connections. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution.
27f22e8c4599953e60c42928e27a91e4846b71c55ab10ff261b55486e50e373bGentoo Linux Security Advisory 202311-2 - Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution Versions greater than or equal to 3.1.18 are affected.
3687fbcff94cb1bbeaceabbe41b00d5ee9b888089068ad7eb0a75654d3861d85
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed