Ubuntu Security Notice 5807-3 - USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.
1d7cd9e80fc6254c983be3fed20f539e1edb09fda01cd905ea28e645ab590a35
Ubuntu Security Notice 6247-1 - David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.
61a789330b36bb59452695c01cc71820e77a036e8d7f9331f88a8e22ffbd82e6
Apple Security Advisory 2023-07-24-5 - macOS Monterey 12.6.8 addresses code execution, out of bounds read, and use-after-free vulnerabilities.
8f28ed064f450316ecc855c2c8e034834dfbba8071bddb178c5eb88e95963236
Journal Management Software version 1.2.4 suffers from a remote SQL injection vulnerability.
8883a5e06c6009c8edda3ade1d57d027563e7dc28bcd313531103de5840639e2
Ubuntu Security Notice 6244-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
2ab65abd4d06d0e7df4e94c6500344bf85853a495babcddcce55dffcda3a3469
Joomla VirtueMart component version 2.6.12.2 suffers from a remote SQL injection vulnerability.
39866f41e162d1c3e4864764312ed024c4ca1a92db8ca6e8789625e26ac247ff
Ubuntu Security Notice 6129-2 - USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.
f0489fcfdb023c7fa35d0ea265e60a14b4b4693cd971da74545ee7c7bd1932aa
Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
7f9ddb30c299540f775c7e9d346e63ed48d654b7514ccd96b18201204baecce7
Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.
c637626493b675cefdcd4fdba35ad174a41ee73e582783331eefed49239a1e71
Joomla JSN Gruve Pro component version 2.1.0 suffers from a directory traversal vulnerability.
5219a9363af825b164124e77835cc454a543e3aae7c908ef477cf0acb3e0ea13
Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.
e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
Apple Security Advisory 2023-07-24-3 - iOS 15.7.8 and iPadOS 15.7.8 address bypass, code execution, and use-after-free vulnerabilities.
585e92bd8c9efdfcc2b29c1705757bb25ab4b206bdd46fcbdf792a97518ed86a
Joomla HotelGuide component version 1.0 suffers from a cross site scripting vulnerability.
89530f605d7d8c992c52a77ca5201f53e02dc55345f350eea8a3ec5a3cbf0a70
Apple Security Advisory 2023-07-24-2 - iOS 16.6 and iPadOS 16.6 address bypass, code execution, and use-after-free vulnerabilities.
cf80aa15c014214fb49963259f82d2aa8e172f2770e7bd27d65ad4ed7230464d
Joomla Jomestate component version 4.0 suffers from a remote SQL injection vulnerability.
d9ba556f6f29bf2853c65907c7a98f341141245c53c76b5318fed9a41f51f887
Joomla Fireboard component version 1.3 suffers from a remote SQL injection vulnerability.
286e52a6fa85eb19f480af710f807e004ace6e43a5ae54a515ca005329a5840c
Ubuntu Security Notice 6243-1 - It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform cross site scripting and obtain sensitive information.
1d0995a05bfb6ad2fa8ac23ac764746cf96df2b01811ed35e84375f6e0de6041
WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin, File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. A user with any privilege level can exploit this vulnerability, which results in access to the underlying operating system with the same privileges under which the WordPress web services run.
70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403
WordPress WP Brutal AI plugin versions prior to 2.0.1 suffer from a cross site scripting vulnerability.
9b902c28a8a46ad41c167f3df132b5da7347a25965fce41179a3b9b17e208354
Ubuntu Security Notice 6242-1 - It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.
fdcfbae1f5c8e13e234b05f8f69b7089d4be15d583f61718c883176d63f0c044
WordPress WP Brutal AI plugin versions prior to 2.0.0 suffer from cross site request forgery and remote SQL injection vulnerabilities.
ad3eae1b3379d903bddc81a19b2f208837108120f8db3f5bd63cada77306823c
WordPress SEO Alert plugin versions 1.59 and below suffer from a persistent cross site scripting vulnerability.
6b08af4e5dc0e4ba5e429a89a19e83daa730dc717623a3e43ee5c244c0eca941
WordPress WP Brutal AI plugin versions prior to 2.06 suffer from a persistent cross site scripting vulnerability.
f0fe10550341a549f41e0bbc187064bdd166943b60a5efc5282b037ad1af5e87
WordPress PrePost SEO plugin versions 3.0 and below suffer from a persistent cross site scripting vulnerability.
c7c3871990b66327a25119c4c7dd8203cea43e79f6436c78fea1d171809dceb9
Ubuntu Security Notice 6240-1 - It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.
23d0c59663a9800c421af882cd089b84e712e688776650fec3d19c573aecaa2c