Debian Linux Security Advisory 5334-1 - Martin van Kervel Smedshammer discovered that varnish, a state of the art, high-performance web accelerator, is prone to an HTTP/2 request forgery vulnerability.
252078af082c9fffe4f816b645478a49bd303397f4456b2a82cf40274f3aa196
This paper goes over common components of broadcast systems and how hackers take advantage of them, and discusses some of the vulnerabilities discovered.
1467a96747d9321ba7a659e074789337bc6efc1d4621b6ec26b5fdf38e1ca678
Ubuntu Security Notice 5811-3 - USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files.
f1dcb425e05dbefdeb5273307dd7c4045c531a34effb1aeaf896da8bb14e6bc0
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.
cd97f7cdbba3c3d6519ce90cec806a0c72ef39f4aa8861403339b64668b768cd
Red Hat Security Advisory 2022-9096-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include bypass and denial of service vulnerabilities.
373043494f5cbb3f8008959a5209879cea681b15be2c38e210b4ba4e9687c4a9
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only the Least Significant Bit algorithm is supported for images).
6eb7d1a1e6eb294ab3d2ef38d3c4e0c321b4f9e4a92c209eec86af3c6cbe2668
Debian Linux Security Advisory 5332-1 - Multiple issues were found in Git, a distributed revision control system. An attacker may trigger remote code execution, cause local users to execute arbitrary commands, leak information from the local filesystem, and bypass the restricted shell.
da3283ba137fd88f874430e108ec655e6a4a13b1797054b92dadf3a00e03641d
PHPJabbers Car Park Booking System version 2.0 suffers from a cross site scripting vulnerability.
692a826df097e4229d209944d70fe7f7799c532b5e037c41aba1f0ba9bebb91b
Ubuntu Security Notice 5823-3 - USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced a regression in MySQL Router preventing connections from PyMySQL. This update reverts most of the changes in MySQL Router to 8.0.31 until a proper fix can be found.
b8ac95e55ea3957072052db22cac0e9634cab9125d40797d3c5c360bd6df4ac5
Zstore version 6.6.0 suffers from a cross site scripting vulnerability.
653905fd4efa9030f79aa84e990c72cb875f0be6933e755e36678f4aa2c9a0c8
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
e8e33bb105428cea88e46086e63362e8bad0286aef80d357f8678c42d5b9f9b6
PHPJabbers Event Ticketing System Script version 1.0 suffers from a cross site scripting vulnerability.
8fab16cdc74a1a2eec65f585cba5d399670dcb6b308f9255fea72f9fbd84df1a
Debian Linux Security Advisory 5331-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
6cb75512f22c4b10076ab44d7a5c8a9b721c51a7afe86c31ff28c113d4b380f1
PHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.
ca11533d20acd6bee2a211d4e3de4c988afb414b29686bd6473042b4b019f864
Ubuntu Security Notice 5831-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
b293ed3b171badbd869822b922ca5fe2bc5f7cdd18d474068ad2b6b97a51bc5f
PHPJabbers Travel Tours Script version 1.0 suffers from a cross site scripting vulnerability.
0a7f5b626d6393bcc255133a21566a6f163578785f29510c84d73418a28fd1fe
Debian Linux Security Advisory 5330-1 - Two vulnerabilities were discovered in Curl, an easy-to-use client-side URL transfer library, which could result in denial of service or information disclosure.
c6fc6848e50216229db276b6a61ea17d23706f3f9aadd8dd9c2779ef72f1c34e
PHPJabbers Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability.
a31fd6b56b7d7115984b30a6505b1ddcaee6cb5274d5e467b5411856220a7fd9
PHPJabbers Property Listing Script version 3.1 suffers from a cross site scripting vulnerability.
302f3f53c1a0e807af0b328668c5cb8b327fd8eb8e22a11b9af1c012ac5056ca
Ubuntu Security Notice 5830-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
6e68f50f18b8299b6053e750db628304a61fb6f1ccf4186312d8814b9ac32cfd