Debian Linux Security Advisory 5522-3 - A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.
24e294103b57531588198722a8954c8fef2961b6fe2c3e09f03d5ab90505e314Debian Linux Security Advisory 5528-1 - William Khem-Marquez discovered that using malicious plugins for the the Babel JavaScript compiler could result in arbitrary code execution during compilation.
8e9e8528781517c283dd31746e17304f3aa59d28da1d214c1d5ecffd747062ffXNSoft Nconvert version 7.136 is vulnerable to buffer overflow and denial of service conditions. Proof of concepts included.
638390b25c13e2dfa7b3f373e58cc3d277307ff7a2ae09d48cf4a2266af3831aTwo and a half years ago an independent audit was performed on the Squid Caching Proxy, which ultimately resulted in 55 vulnerabilities being discovered in the project's C++ source code. Although some of the issues have been fixed, the majority (35) remain valid. The majority have not been assigned CVEs, and no patches or workarounds are available. Some of the listed issues concern more than one bug, which is why 45 issues are listed, despite there being 55 vulnerabilities in total (10 extra of the result of similar, but different pathways to reproduce a vulnerability). After two and a half years of waiting, the researcher has decided to release the issues publicly.
77ed12c6bd03c55cd63ef810517ab92f57f6a589120686609e66c3eec1485f06Apple Security Advisory 10-10-2023-1 - iOS 16.7.1 and iPadOS 16.7.1 addresses buffer overflow and code execution vulnerabilities.
be667eaa57ffd89fffea82b376e2b645bb12c3cc11f98e4e4a604a9d1468d665Ubuntu Security Notice 6396-3 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.
8232218ebf9db1d697b359db5fb1b03f5377448ae5c7c7556b00fe639696885fUbuntu Security Notice 6433-1 - It was discovered that Ghostscript incorrectly handled certain PDF documents. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code.
1fac12dac6d1f50f13dc0c32b1c7829da12e86a146b2694b90438d93a30a5bd5Ubuntu Security Notice 6425-3 - USN-6425-1 fixed vulnerabilities in Samba. This update provides the corresponding updates for Ubuntu 23.10. Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to truncate read-only files. Andrew Bartlett discovered that Samba incorrectly handled the DirSync control. A remote attacker with an RODC DC account could possibly use this issue to obtain all domain secrets. Andrew Bartlett discovered that Samba incorrectly handled the rpcecho development server. A remote attacker could possibly use this issue to cause Samba to stop responding, resulting in a denial of service. Kirin van der Veer discovered that Samba incorrectly handled certain RPC service listeners. A remote attacker could possibly use this issue to cause Samba to start multiple incompatible RPC listeners, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
d00ddbbac04e9ca28e5197158c09754621e8065ad1f124d00bbd8edabbef4103Ubuntu Security Notice 6423-2 - USN-6423-1 fixed a vulnerability in CUE. This update provides the corresponding updates for Ubuntu 23.10. It was discovered that CUE incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.
130c551ce6526e3867b7494370a3b9fccc7948230c17bfdbafce668f2d4e02a0Ubuntu Security Notice 6429-3 - USN-6429-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 23.10. Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections.
d1725e2867219ce04c36896ee359cb48113c317935ea121e2af01b7b802e2783Ubuntu Security Notice 6394-2 - USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
d38a75206389008d3e1ad14a50564e60d915ccb7b901100a133baef1458072feUbuntu Security Notice 6432-1 - It was discovered that the Quagga BGP daemon did not properly check the attribute length in NRLI. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the Quagga BGP daemon did not properly manage memory when reading initial bytes of ORF header. A remote attacker could possibly use this issue to cause a denial of service.
83ab0aa9332b74bfb15adf2f2e832ac211abc89c5493ef410be7aed9a5efe908Ubuntu Security Notice 6431-3 - USN-6431-1 fixed a vulnerability in iperf3. This update provides the corresponding update for Ubuntu 22.04 LTS. Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service.
74da1658299fe94be4fc2dcf67a2a38a512b50b8c3be53ba7225d4b79c4cafa8Ubuntu Security Notice 6431-2 - USN-6431-1 fixed a vulnerability in iperf3. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service.
5dbdbf5f36a60de7a69c9dd0e63e2fdf0f2c8598e786ae36cc41d796dbb11502Red Hat Security Advisory 2023-5780-01 - A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only erratum is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.
d414b4c1e411b4f999ba8dbc221a28022817114418081ebbc6fc2851ca490b9dRed Hat Security Advisory 2023-5775-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
102897021ac9e30459a12093e059f0cc9cd65e55acc7e756c15e779e883fb857Red Hat Security Advisory 2023-5771-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.
af194c6df8cfaa1ab3dbeb343af35d63f04ba586031d82f0f4a5fc2d225b5647Red Hat Security Advisory 2023-5770-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.
e238cc36d09269ca4b5139b9de071c83fddb9c788bd67536b39781e141297847Red Hat Security Advisory 2023-5769-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.
7cbefc8e4028ece01017318ee2c6828ba7abe47ed0937477140142efd1f56a06Red Hat Security Advisory 2023-5768-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.
0d85cd26379ad3cc0ef4486eaf98abf09d84069f7d8cf1f9f276dc9fa28c5d4cRed Hat Security Advisory 2023-5767-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.
a3df9223e0ce271f60e7dbb42c178a6ba04b57fe5239c9d1b6d911a6c9846fc2Red Hat Security Advisory 2023-5766-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.
82a4740fbe239e3a078172d2cfec64659b2caa388387d8382d9bc439d9f8685cRed Hat Security Advisory 2023-5765-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
6b13b57b801319ae2d26fa965809d3592ac24a8e12394e5471f7261831a205a7Red Hat Security Advisory 2023-5764-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
022e1f4af9e816dca761f97f9f1ac70762f736c2c5bfbf981d1192f85fdb880bRed Hat Security Advisory 2023-5763-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.
510c6724745c0651fdfcdb28c913292f03ad32f78e765fb9849dd2ced54a1233
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed