Red Hat Security Advisory 2023-7477-01 - Red Hat OpenShift Container Platform release 4.13.24 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
7f0170c106c8ea334c50d1270a31e4530712286e3978e58de3781b721f16cb40Red Hat Security Advisory 2023-7475-01 - Red Hat OpenShift Container Platform release 4.13.24 is now available with updates to packages and images that fix several bugs and add enhancements.
8e78ba5359364ec4ef0c2d5276c91bd80094a3b1a6d4b5227e2da867b37fdbecRed Hat Security Advisory 2023-7474-01 - Red Hat OpenShift Container Platform release 4.13.24 is now available with updates to packages and images that fix several bugs.
f6dd6cd03c8ca6a7ecbe9237f2784a266fa75e4ae76039a139824aff991be894Red Hat Security Advisory 2023-7469-01 - Red Hat OpenShift Container Platform release 4.14.4 is now available with updates to packages and images that fix several bugs. Issues addressed include a denial of service vulnerability.
bd4b94a8f50462010bc30a472d934e7ecc4ac008870d66d84837fa8f7a813409It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were discovered and addressed.
ee52836c711111ecd52b6c4162409caa5a393b4ec4571f1e5de8d4ace83228b9Ubuntu Security Notice 6508-2 - USN-6508-1 fixed vulnerabilities in poppler. The update introduced one minor regression in Ubuntu 18.04 LTS. This update fixes the problem. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.
de9a7900745ac5cd65dd9aaeea874833a2f6dc1be395f226a2947c9246003ddeUbuntu Security Notice 6520-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
819987813ef542ac72c57ea8cd7eca7b0438dc7b875007bd591418d3b8391709Ubuntu Security Notice 6502-3 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
da2732a3a740d4fca2ae7b8f3b2c756f10e54524b9befd3f0a32d934e89d8c5fUbuntu Security Notice 6519-1 - The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended.
d8ce04e1d61cde48beba842b27d2655b79f1476b3a007cb7dd46ee137e8f510cUbuntu Security Notice 6518-1 - Luis Rocha discovered that AFFLIB incorrectly handled certain input files. If a user or automated system were tricked into processing a specially crafted AFF image file, a remote attacker could possibly use this issue to cause a denial of service via application crash.
a5fb3d4d285627b1644b0476b879e2715672fc5f4c0c192f9836a5599aaa0688This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed Faraday.
f001254f9eb2fcb96df873f0404ffcc4064baf421fbcb926d0eba2c06c2da722The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. This allows a locally authenticated attacker with administrative privileges to disable the application temporarily or even remove the application from the system completely.
d393eda92218fb28d4719259401d1db3e0731edb5b930170f2f951494d02fbc7Debian Linux Security Advisory 5568-1 - It was discovered that incorrect memory management in Fast DDS, a C++ implementation of the DDS (Data Distribution Service) might result in denial of service.
f98b1127ce5c74663b458fb7d53e20ef0a1319434f99078abbab9c106d3d5590etcd-browser version 87ae63d75260 suffers from a directory traversal vulnerability.
8456b0b8489b8c480ad32f464fbe163fc1fe87e4a533e2f02fd020993cf98140Ubuntu Security Notice 6513-2 - USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service.
701ececc93d67a78a460f6a43c83e5e9e64992057fec8f161b50e2d8b859fe92Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear.
c8d887d4717b94c1aee40cf1ff1bea9d76d8c987065fd897b45f142808786003Loytec LINX Configurator version 7.4.10 suffers from insecure transit and cleartext hardcoded secret vulnerabilities.
2fb3f8f77e58786a2b8154d7b4ce1ea69b7a9be5791623aa4210e517a66a5857A dangling pointer vulnerability is present in WebRTC's PacketRouter due to an SDP SIM group SSRC from one track (e.g., video) colliding with an existing SSRC from a different track (e.g., audio). This inconsistency between the send_modules_map_ and the send_modules_list_ can lead to a use after free.
426fe7fd9743d7c7d9ba2167f870968aaad57ccdefafb8bca89ee26333cad8bem-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities.
55d99668e130fe585eb26f5ac98889fe0cb5368f4185842bb3d4346adf9bd24bUbuntu Security Notice 6402-2 - USN-6402-1 fixed vulnerabilities in LibTomMath. This update provides the corresponding updates for Ubuntu 23.10. It was discovered that LibTomMath incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code and cause a denial of service.
bcc649a7c6a092bbffcc80f89e984363dff2d24bfc8e18c3a8fe08eb8f47e8e8Ubuntu Security Notice 6502-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
3844c5b07f62a7f21e7da4b17678c476911376d85f2c2699a0fd527b28dae8a9Ubuntu Security Notice 6516-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
e7ba5ff6d6d35068a385124ee99fb4cdf9ca4e686d62ac89918e057c43160a7bSmartNode SN200 versions 3.21.2-23021 and below suffer from a remote command execution vulnerability.
fc0d5c184e0cd12de9f88070f90cdbe9697833c1394af267f9cccc697c7a5470Red Hat Security Advisory 2023-7517-01 - An update is now available for Red Hat Ansible Automation Platform 2.4.
de7b0f96a923f2caf3e1e7d190a824bc7c8627b600ce1073db80524062296b39Red Hat Security Advisory 2023-7515-01 - The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
22fd27567fa73b0487fa3e141834c87327890531494fe84f9dc73b1c9657ef21
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed