Ubuntu Security Notice 5807-3 - USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.
1d7cd9e80fc6254c983be3fed20f539e1edb09fda01cd905ea28e645ab590a35Ubuntu Security Notice 6247-1 - David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.
61a789330b36bb59452695c01cc71820e77a036e8d7f9331f88a8e22ffbd82e6Apple Security Advisory 2023-07-24-5 - macOS Monterey 12.6.8 addresses code execution, out of bounds read, and use-after-free vulnerabilities.
8f28ed064f450316ecc855c2c8e034834dfbba8071bddb178c5eb88e95963236Journal Management Software version 1.2.4 suffers from a remote SQL injection vulnerability.
8883a5e06c6009c8edda3ade1d57d027563e7dc28bcd313531103de5840639e2Ubuntu Security Notice 6244-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
2ab65abd4d06d0e7df4e94c6500344bf85853a495babcddcce55dffcda3a3469Joomla VirtueMart component version 2.6.12.2 suffers from a remote SQL injection vulnerability.
39866f41e162d1c3e4864764312ed024c4ca1a92db8ca6e8789625e26ac247ffUbuntu Security Notice 6129-2 - USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.
f0489fcfdb023c7fa35d0ea265e60a14b4b4693cd971da74545ee7c7bd1932aaUbuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
7f9ddb30c299540f775c7e9d346e63ed48d654b7514ccd96b18201204baecce7Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.
c637626493b675cefdcd4fdba35ad174a41ee73e582783331eefed49239a1e71Joomla JSN Gruve Pro component version 2.1.0 suffers from a directory traversal vulnerability.
5219a9363af825b164124e77835cc454a543e3aae7c908ef477cf0acb3e0ea13Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.
e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914Apple Security Advisory 2023-07-24-3 - iOS 15.7.8 and iPadOS 15.7.8 addresses bypass, code execution, and use-after-free vulnerabilities.
585e92bd8c9efdfcc2b29c1705757bb25ab4b206bdd46fcbdf792a97518ed86aJoomla HotelGuide component version 1.0 suffers from a cross site scripting vulnerability.
89530f605d7d8c992c52a77ca5201f53e02dc55345f350eea8a3ec5a3cbf0a70Apple Security Advisory 2023-07-24-2 - iOS 16.6 and iPadOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.
cf80aa15c014214fb49963259f82d2aa8e172f2770e7bd27d65ad4ed7230464dJoomla Jomestate component version 4.0 suffers from a remote SQL injection vulnerability.
d9ba556f6f29bf2853c65907c7a98f341141245c53c76b5318fed9a41f51f887Joomla Fireboard component version 1.3 suffers from a remote SQL injection vulnerability.
286e52a6fa85eb19f480af710f807e004ace6e43a5ae54a515ca005329a5840cUbuntu Security Notice 6243-1 - It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information.
1d0995a05bfb6ad2fa8ac23ac764746cf96df2b01811ed35e84375f6e0de6041WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. Any user privileges can exploit this vulnerability which results in access to the underlying operating system with the same privileges under which the Wordpress web services run.
70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403WordPress WP Brutal AI plugin versions prior to 2.0.1 suffer from a cross site scripting vulnerability.
9b902c28a8a46ad41c167f3df132b5da7347a25965fce41179a3b9b17e208354Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
fdcfbae1f5c8e13e234b05f8f69b7089d4be15d583f61718c883176d63f0c044WordPress WP Brutal AI plugin versions prior to 2.0.0 suffer from cross site request forgery and remote SQL injection vulnerabilities.
ad3eae1b3379d903bddc81a19b2f208837108120f8db3f5bd63cada77306823cWordPress SEO Alert plugin versions 1.59 and below suffer from a persistent cross site scripting vulnerability.
6b08af4e5dc0e4ba5e429a89a19e83daa730dc717623a3e43ee5c244c0eca941WordPress WP Brutal AI plugin versions prior to 2.06 suffer from a persistent cross site scripting vulnerability.
f0fe10550341a549f41e0bbc187064bdd166943b60a5efc5282b037ad1af5e87WordPress PrePost SEO plugin versions 3.0 and below suffer from a persistent cross site scripting vulnerability.
c7c3871990b66327a25119c4c7dd8203cea43e79f6436c78fea1d171809dceb9Ubuntu Security Notice 6240-1 - It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.
23d0c59663a9800c421af882cd089b84e712e688776650fec3d19c573aecaa2c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed