Ubuntu Security Notice 6508-1 - It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6509-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information.
CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.
Gentoo Linux Security Advisory 202311-3 - Multiple vulnerabilities have been discovered in SQLite, the worst of which may lead to code execution. Versions greater than or equal to 3.42.0 are affected.
The Nullcon Berlin 2024 Call For Papers is open. It will take place March 14th through the 15th, 2024 in Berlin, Germany. Training courses are March 11th through the 13th.
Red Hat Security Advisory 2023-7488-01 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7486-01 - A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5561-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information leaks or clickjacking.
Ubuntu Security Notice 6507-1 - It was discovered that GlusterFS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GlusterFS to crash, resulting in a denial of service.
Red Hat Security Advisory 2023-7484-01 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7483-01 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7482-01 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7467-01 - An update for samba is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7465-01 - An update for squid is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-7464-01 - An update for samba is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6506-1 - David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and Choongin Lee discovered that the Apache HTTP Server incorrectly handled certain HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.
Ubuntu Security Notice 6505-1 - It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service.
Ubuntu Security Notice 6504-1 - It was discovered that tracker-miners incorrectly handled sandboxing. If a second security issue was discovered in tracker-miners, an attacker could possibly use this issue in combination with it to escape the sandbox.
Ubuntu Security Notice 6503-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Bien Pham discovered that the netfilter subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6502-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities.
Ubuntu Security Notice 6501-1 - It was discovered that RabbitMQ incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6497-1 - Maxim Levitsky discovered that the KVM nested virtualization implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6496-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6495-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.