This archive contains all of the 314 exploits added to Packet Storm in July, 2023.
191302f3c23f0570167c8994830ff34d1956d34e1b44695873e223f86dcdd584
Eramba version 3.19.1 suffers from a remote command execution vulnerability.
498834ba38cae4a4baa030af1b9873d149be69378a63e7ebf05d063e6b0d9df2
Ubuntu Security Notice 6266-1 - Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element.
06773e26613c1f6604d2287ee6c54aa9a6a94e09a0c9341148dd41b01d3a1f80
Joomla JLex Review extension version 6.0.1 suffers from a cross-site scripting vulnerability.
f44fe1c411430bac50119a41a22e33e1f6cf7dd5bd1751f609712c8288a08198
Red Hat Security Advisory 2023-4411-01 - CJose is a C library implementing JavaScript Object Signing and Encryption.
dccddcd552f7680d2e72aefb3cffd84471aa6a23a83e150e4d8ca50f00633b60
WordPress Stripe Payment Plugin for WooCommerce plugin versions 3.7.7 and below suffer from an authentication bypass vulnerability.
263a956ca459f42b4b70546f48ac6fceb289d765a400737df8fed883d25f9594
Red Hat Security Advisory 2023-4410-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
962a03700cdaf2b77f70083e13671a7f51883c7dd8caf31e5fcb70c908ba55ca
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions to determine which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
8ff36ce47d37d0cc987762d5d961346d475de74bba8a1832fd006db6edd3c10e
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.1.x series is the current major version of OpenSSL.
a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.
1761d4f5b13a1028b9b6f3d4b8e17feb0cedc9370f6afe61d7193d2cdce83323
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.
d6697e2871e77238460402e9362d47d18382b15ef9f246aba6c7bd780d38a6b0
Uvdesk version 1.1.3 suffers from a remote shell upload vulnerability.
785a58fce3185616f8ebb56cc4c3498d9ba2782170d34b1c487a14564309a3e1
Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.
2a8710ab7e6491abd98022fbf0e059c14cea84ff8d9b7cf0e64f2f7802428148
General Device Manager version 2.5.2.2 suffers from a buffer overflow vulnerability.
4ff81e959ae441d46d55d7766788ad9ce12c3dd769abed1820c344a9346bb6c4
Red Hat Security Advisory 2023-4409-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
40ffbac1f3fe480270dd9f44f9d7529da5cc4f57c4e56941745de21f93adbf30
Online Lab Diagnostic Management version 1.0 suffers from a remote SQL injection vulnerability.
6f627879ce346fe7312f40f755225ff321e9af175797ec5f2341bde56ba9fde6
Red Hat Security Advisory 2023-4408-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
1efff2ead8b420c3c676224349d5410ab7d79630c905f83d260e8b9095357348
CoolAdmin version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
4c0ce1b7ce0e7e8856b0394425eef60c6c35434570524231315d66316a022b86
Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
fb3b87a987324313bce3c73932307702f8e60575e6a91b8babad2eb73b470d39
Red Hat Security Advisory 2023-4416-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and datagram loss.
a0d85338c67b5cc1acd728f595d44342f38d305f92000ec9ceed5be4eaa6004c
Red Hat Security Advisory 2023-4415-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and datagram loss.
1df7e9c2036865a6060380eb5c7ca9e8bd5becd01d7a38aa0f16083a8dfadd39
Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
82871fa1fba43d05238c779b70fe1fa4ce8d4ecb76d357fcdd3cc95b927e2b1f
Red Hat Security Advisory 2023-4414-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and datagram loss.
2866e8455b0d791116299a06f0914095112c844275466eeeaa4752ae29bac0fd
Red Hat Security Advisory 2023-4380-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
76bfd0b219a147940968b013bcf9113ef82e3d224d1f4bfe49d0f729cfd55716
City Variety LMS version 2.2 suffers from a cross-site scripting vulnerability.
1cbbe0f2970a91c54fd6b773983a7f83c535dbf1c4e56f12913660cbe435877e