Ubuntu Security Notice 6571-1 - Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to login to the platform with an expired account and a valid password.
3d13188efb2c2dfe9c731ed925b14616eee9675899cd1d0a8e2ad2bc25bb709eUbuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
96428fafe2ad31ad48b8e46a45e50a86a01fb944d7fa801a9d326ac37683dc05cpio version 2.13 suffers from a privilege escalation vulnerability via setuid files in a cpio archive.
e4948bd6237737a1ce41d6d861ca14bf4316c0d417e7e9b48c670388f66f760aUbuntu Security Notice 6568-1 - The ClamAV package was updated to a new upstream version to remain compatible with signature database downloads.
8e1c2faf0f799f5f8132dc7280b767a27a45d53b9745a8a388ce443e5c8ce587SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies, identifying to what extent a network can be compromised using SSH and SSH private keys starting from a particular system. SSH-Snake can automatically reveal the relationship between systems which are connected via SSH, which would normally take a tremendous amount of time and effort to perform manually.suffers from bypass and traversal vulnerabilities.
955ae990d1d900f97e789c6f6cb04dd954898e032e8e00fc6d4354e9508c09aeOX App Suite version 7.10.6-rev51 suffers from an access control vulnerability. Version 7.10.6-rev34 suffers from multiple cross site scripting vulnerabilities.
80185f3d2633831b5738bc1126710375d2e7d24e073ff394c679caa4c61efc56OX App Suite version 7.10.6-rev50 suffers from remote code execution and LDAP injection vulnerabilities. Version 7.10.6-rev33 suffers from a cross site scripting vulnerability.
592f2b04fcdcc6f8a886a43ccea679f6723dca85956b3e11029cce5b8e4022ecliveSite version 2019.1 suffers from a remote code execution vulnerability.
b37493bb3255b58a4615f905b81120f48fc0c45ea3546c91403104640924bd53Intrasrv Simple Web Server version 1.0 suffers from a denial of service vulnerability.
d7370c79e707e5078287413c0fbc8380ee94a508c9537f6674c99c31529baf05AdvantechWeb/SCADA version 9.1.5U suffers from a post authentication remote SQL injection vulnerability.
c61d51ef9791032ac5aeeaa9f4123f947e54a3c585126f417601ad70cf5716ccUbuntu Security Notice 6569-1 - it was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that libclamunrar incorrectly validated certain structures when extracting RAR archives. A remote attacker could possibly use this issue to execute arbitrary code.
b81771e4d8b0760cfe218cfa3429b18ca1622f8f2c85cd6d4ac1ca217536f86fMicrosoft SQL Server versions 2014 through 2022 suffers from a db_ddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue.
cac3f425f4cca8e96dd9616578d2788098261640c115710127e2b2ec6da21b6cRed Hat Security Advisory 2024-0089-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
d105e9ac9c6738478835aa25b4df7921aec1cee0a47be65b0d1f2d61eb6ee6cetc is a low-tech free software to chat anonymously and ciphered over Tor circuits in PGP. Use it to protected your communication end-to-end with RSA/DSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 2400 lines of C code that compile and run on BSD and Linux systems with an IRC like GUI. As this is a rolling release and does not have an official build yet, the prior version on Packet Storm was replaced with this updated code base.
bae7c904763360a82e8b3a4a6720b31c22f9c49b63eca777df474d4383d39f97Ubuntu Security Notice 6567-1 - Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.
822fd59a00f432568a1ff02767caa245fcfcf6843527f21aad32e7fa00321108OpenSSL Security Advisory 20240109 - The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.
96d61a8c58cb14bf75cc794f7eb487fcc526fb0873fe97c3c9779d86fc65cb31
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed