It has been discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library. Included in this archive are not only the advisory but additional data and a testing script to see if you're affected.
24e782ee2711640bef44e50dae3e4bd40c2ec8ddbbf87dbc1461e7d4aa22e1dbThis Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91Debian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.
a36f16841d48439de0dca87969734d17803a93009098f4ca6fe3dd1c574bdc99Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d045fe2df3a7b0da1744ec322c6841faa9dc1ec5194d51870e6e7ca36abd50d6Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.
38cf97e11373ce1137705690e0184e70046c7384264c09e97f32c832e3026b02Ubuntu Security Notice 6707-4 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1e54ff144f57b2bd5a30a36e13436904969117b6a92329a52019596e2864df7aUbuntu Security Notice 6704-4 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
4c20532debf7fe54f300253a8836c32c86a73b576ba2f48d948c642e26473036The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a local file inclusion vulnerability.
1dbbfbdf1a7bf4060fdff75fb8aff1ab0bc5375217ca00dc2d7c0cf611ab7316The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a server-side template injection vulnerability.
256571d01cca1bc252f84933681faf1ff9f922f6835db1ae3b7bc099a7571ea6The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a command injection vulnerability.
7685501581e9f699e06c56b0eddcfccbd5e014e303d78ffd724d6a188077faa5Intel PowerGadget version 3.6 suffers from a local privilege escalation vulnerability.
7c432edb9faa64203476b212e783bee97c24deb2ea70d71ff8bea318abd872feRed Hat Security Advisory 2024-1570-03 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a denial of service vulnerability.
fc473960b45c7dead718a19c5497a2d2cefaf2ace8dddbdd11c7ab3b3f104830Ubuntu Security Notice 6715-1 - It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash.
90500728052033e5941baa0debec66d17de2cf01ce56e1158e2523b231aff382Ubuntu Security Notice 6719-1 - Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.
ca6568bf9c3d47e1fa51be307d45564e306e622e9860f212c34d8a91f5a5e9deWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
46bd0f4474337144b30816fb2d8f14e72a26d0391f24fe0b7b619acdcdad8c0cEvent Management version 1.0 suffers from a remote SQL injection vulnerability.
5135d01cd318616d2a8b1711363d2378d7b2686ffcd1083f2936d0248e4164fdThe util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.
c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077The 13th International Workshop on Cyber Crime, or IWCC, 2024 call for papers has been announced. It will take place July 30th through August 2nd, 2024 in Vienna, Austria.
1733e3ae10dcafe0a95572942e32ff6c6d0ff3ba67769c57dd88c93c006e53e6The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.
2a13323836730c890a63f333a24fcfb62637513c16193386327b7be986133bb0FusionPBX suffers from a session fixation vulnerability.
80babf076c9e7398fb72180f2da01bce706e004dd86503ce23c6645034cb5d21Apple Security Advisory 03-25-2024-1 - Safari 17.4.1 addresses code execution and out of bounds write vulnerabilities.
f471ba7362f0f2b90319b73a7dc453ffcc58fe3527cb6cd08febf40e4748b5beRed Hat Security Advisory 2024-1557-03 - An update is now available for Red Hat OpenShift Builds 1.0. Issues addressed include denial of service and traversal vulnerabilities.
d29131168c6739c5f0e4cc9ca1fc6e36a8598723c0d447439443d07a778f5f03Red Hat Security Advisory 2024-1555-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
d54151bacb05204bba9e5815332d0b2dc57e10762149b6a53a140110b66a0156Red Hat Security Advisory 2024-1554-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
83824ae558a589ad40270cf3400f18a45b628d62f041edcab023885a5dd3d023Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.
265530e02c210729e3640de0f5f23192ea5b21cae936f5ed87be61a93898f695
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed