Red Hat Security Advisory 2024-0554-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.
e35adcfab99ec896d26edfe1926fa86f08d10a79a28d03ff9e00317210edd31aRed Hat Security Advisory 2024-0539-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8. Issues addressed include a HTTP request smuggling vulnerability.
fa8e47d23f41893222add00ec7a6bbf4aed63207797d5557aa4db12b1466b6e9Red Hat Security Advisory 2024-0538-03 - An update for libssh is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and null pointer vulnerabilities.
cfc9ce4932ca892e2e01f37c4183afef96170b662bb5c764c5d2647bdbbf6213Red Hat Security Advisory 2024-0533-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.
52cb971d0799ce2130f24a5eeda58e884332039591558e2aed5290e7a3f2b2b4Red Hat Security Advisory 2024-0532-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.
dce485660d40f94ccbc089e2371032d2c58c266c738cd21080e6323e780ef70bUbuntu Security Notice 6614-1 - It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack.
9b106327afefa541eb88d19eb52149874dc4ff55f761323d7fd9100033444babUbuntu Security Notice 6612-1 - It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service.
babdcc80bf00e41b4e7aa5167cb90fe8dfec3f6236be8066fc247dd2afb8d0deDebian Linux Security Advisory 5610-1 - Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass.
6a575e49865251ebf28406b8b02755df04cae2bd061603790e201c0c1917a8a9Ubuntu Security Notice 6605-2 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.
3524f7db7b0463e6485d6224f046d239cbfe56762aedd26a06ba65129c0a6080Ubuntu Security Notice 6604-2 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.
87adb9a0dd630857bb46668b561ed587d03265f1d69126841b1f12420169e7bcUbuntu Security Notice 6613-1 - Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An unprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket.
dea0ef831400997642252a550e02200a9abf58a74817bc281c5715f96a9a5da3WS_FTP Server version 5.0.5 remote denial of service exploit.
b0ae7d2a65c936ec4e7b7587622a4bd90c91fed914ec8e7ea7930992434fb955httpdx version 1.5.1 remote denial of service exploit.
f093dce9ee3f2b8a6cf3ed4f50eef65f5d1900f0d7ff32ae945e4442a76dec6eSysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
b6f5c76af02ef16ffb7965f810a9af4815ad4f904b478eb7451dde7133f76dbfDebian Linux Security Advisory 5609-1 - Several vulnerabilities were discovered in the Slurm Workload Manager, a cluster resource management and job scheduling system, which may result in privilege escalation, denial of service, bypass of message hash checks or opening files with an incorrect set of extended groups.
f57d906dddf94852997ecaf61e4354f8e39782336cb81672d34166c0cb2789b8Ubuntu Security Notice 6610-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.
59de047fed13f57d487a09e3a35571ae533675ac173887fe4ec52f395bb8d405Debian Linux Security Advisory 5608-1 - A heap-based buffer overflow during tile list parsing was discovered in the AV1 video codec parser for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
28de5aaa27d710a8206df6a847735e65dc15308d136f5b7b5aa81eb3f826812dUbuntu Security Notice 6611-1 - It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.
b33d9594531fb5ded7e43cda39e1b8b5720e24099cccb39fd5e09998a9663739Reprise License Manager version 15.1 suffers from privilege escalation and arbitrary file write vulnerabilities.
2669c288e5683c8a006f078e5ae5297acd03bfda85f3962dd30fa641023dadbbJenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.
4fdefdc8a91925284359a1beec765f58e6f6a5a76aa3e27c5a5a2fb4ba6cd562Jenkins versions 2.441 and LTS 2.426.3 arbitrary file read scanner.
0a161df23c6bac97a5923092b79fd307c231d11a8c0ec701df49569cfd362dfcCSZCMS version 1.3.0 suffers from a remote SQL injection vulnerability in the admin flows.
ae0da5ea3e511b33cc9334f738b7b17c7cb166561b48d4de7d469531e1996b5dPrommetriX is a tool that demonstrates a data leakage vulnerability in the Prometheus metrics-based event monitoring software.
27d0180963b74fcbd5831b059fa52142445e0ab684e71e634dffdf199cf1742eInteractive Floor Plan version 1.0 suffers from a cross site scripting vulnerability.
696171fac915ad8521ab878bf8dd8496a69db4eedb1b4fe9f216fbfde57545ecChrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash.
c5fe58fff9338fa2b857b94610a42def7f40d9f7d58140b30fcf25e66b5a7686
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed