Gentoo Linux Security Advisory 202310-20 - A vulnerability has been discovered in rxvt-unicode where data written to the terminal can lead to code execution. Versions greater than or equal to 9.30 are affected.
51693714edc63725a63b018c30f566d28311880f518aca2b99ea93357c62de90Gentoo Linux Security Advisory 202310-19 - A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used. Versions greater than or equal to 2.3.19.1-r1 are affected.
7d5b178b888666bb41a4b00c126e67dcfd03c3815a0b2193c4d0a4211d3ac5f5Debian Linux Security Advisory 5538-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
13d430a698ce0376929e6fb9fcb25cf1473b6d7614ae60cd378159bce26b0833Debian Linux Security Advisory 5537-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions or denial of service.
0eeed70553bfb9531621dba4f488f4691219e3d5cde4d3a4e900f1210dea1363Gentoo Linux Security Advisory 202310-18 - Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging components. Versions greater than or equal to 2.2.3.1 are affected.
86b585c9573a1b65c779b8c93d6cc850deda0a4aed5c6b406f38241f7297bc18Gentoo Linux Security Advisory 202310-17 - Multiple vulnerabilities have been discovered in UnZip, the worst of which could lead to code execution. Versions greater than or equal to 6.0_p27 are affected.
f4552caef56f30d794b0ba0e1e91cd76ee5847effb4792b98e9b326cf7509a23VinChin Backup and Recovery in VinChin VMWare Backup versions 5.0 through 7.0 suffers from hardcoded credential and remote code execution vulnerabilities.
1bf4b6f3ddc51b5e4e5494dbac71f64c14b1398adab76827b7be2ebd47dea460Ubuntu Security Notice 6455-1 - It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information.
323c6ff2a013a77f6d6aa929e97a11a9e629fa736c7266c0bfa1231fe81b46e8Ubuntu Security Notice 6456-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Kelsey Gilbert discovered that Firefox did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking.
3a71181f5bb0c5d956c376670a0764c65e741e9fd84d5b5ed5446b241074df73Red Hat Security Advisory 2023-6161-01 - The Migration Toolkit for Containers 1.7.14 is now available. Issues addressed include a denial of service vulnerability.
03585b8e48b66d9c2192b3617a3ea539aa0efac6f83d44cbe1bc778c5783cff6Red Hat Security Advisory 2023-6158-01 - An update is now available for Red Hat Ansible Automation Platform 2.4.
313cafee5dadc0027b7426f1df2e09b10f9af6f481e712803e660fe2aed93506Red Hat Security Advisory 2023-6156-01 - The components for Red Hat OpenShift support for Windows Containers 8.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a bypass vulnerability.
3aee63407f3d6a9303bbc743ba737bb9fb4bbe332c2de4f66b5886fc0befc56eRed Hat Security Advisory 2023-6144-01 - An update for custom-metrics-autoscaler-adapter-container, custom-metrics-autoscaler-admission-webhooks-container, custom-metrics-autoscaler-container, custom-metrics-autoscaler-operator-bundle-container, and custom-metrics-autoscaler-operator-container is now available for the Custom Metric Autoscaler operator for Red Hat OpenShift. Issues addressed include a denial of service vulnerability.
4767fea192115bcbc513e331ca051afd8b160f08e9a892260cbd2e0e6cdd1a82Red Hat Security Advisory 2023-6022-01 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
326e999748476107cee62ab27666a4651310ccc95d9f9d02f36a531fbe88d7e2Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
2421989adcee6a29f48a8f7272f719edbe954d66c2e86e3a52e79cae177f887cRed Hat Security Advisory 2023-6021-01 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
8c32e2c73defb1a48e044778ec2a771ff0f6a98007b5d80086095ead8435a0a6Red Hat Security Advisory 2023-5992-01 - An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
2ef0cbb1252124e3733f8a2e023e601bbc791b349535aa95f9db83f62aab0867Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which prevents this scenario from happening. This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving remote code execution.
7181dfaec2f1f7eb973d6e9ba2bc3a477b83011115b041d9cb0b9ad5e441fc41Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
b09786888fd6fa1e9f9958104a7a1b91282e95ace4f5b33d333704db76b2cf3cphpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.
f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.
482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5XAMPP version 3.3.0 .ini unicode + SEH buffer overflow exploit.
1ca692b072e3e08fac192c7f2fc261d0ac4feb8be639620958ba27b295c9541fDebian Linux Security Advisory 5536-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
8dc27122c27d00fc7f75791b3d0ac5dda33c19caad3ed212f62aa04a79188200Red Hat Security Advisory 2023-6148-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.9 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.
7328757d0b982e2a9eacd4be6d01b3decdf0c7d25fbb2e5abe1c69826cfc1546
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed