Red Hat Security Advisory 2024-0554-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.
e35adcfab99ec896d26edfe1926fa86f08d10a79a28d03ff9e00317210edd31a
Red Hat Security Advisory 2024-0539-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8. Issues addressed include an HTTP request smuggling vulnerability.
fa8e47d23f41893222add00ec7a6bbf4aed63207797d5557aa4db12b1466b6e9
Red Hat Security Advisory 2024-0538-03 - An update for libssh is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and null pointer vulnerabilities.
cfc9ce4932ca892e2e01f37c4183afef96170b662bb5c764c5d2647bdbbf6213
Red Hat Security Advisory 2024-0533-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.
52cb971d0799ce2130f24a5eeda58e884332039591558e2aed5290e7a3f2b2b4
Red Hat Security Advisory 2024-0532-03 - An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an HTTP request smuggling vulnerability.
dce485660d40f94ccbc089e2371032d2c58c266c738cd21080e6323e780ef70b
Ubuntu Security Notice 6614-1 - It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack.
9b106327afefa541eb88d19eb52149874dc4ff55f761323d7fd9100033444bab
Ubuntu Security Notice 6612-1 - It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service.
babdcc80bf00e41b4e7aa5167cb90fe8dfec3f6236be8066fc247dd2afb8d0de
Debian Linux Security Advisory 5610-1 - Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass.
6a575e49865251ebf28406b8b02755df04cae2bd061603790e201c0c1917a8a9
Ubuntu Security Notice 6605-2 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.
3524f7db7b0463e6485d6224f046d239cbfe56762aedd26a06ba65129c0a6080
Ubuntu Security Notice 6604-2 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.
87adb9a0dd630857bb46668b561ed587d03265f1d69126841b1f12420169e7bc
Ubuntu Security Notice 6613-1 - Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An unprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket.
dea0ef831400997642252a550e02200a9abf58a74817bc281c5715f96a9a5da3
WS_FTP Server version 5.0.5 remote denial of service exploit.
b0ae7d2a65c936ec4e7b7587622a4bd90c91fed914ec8e7ea7930992434fb955
httpdx version 1.5.1 remote denial of service exploit.
f093dce9ee3f2b8a6cf3ed4f50eef65f5d1900f0d7ff32ae945e4442a76dec6e
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
b6f5c76af02ef16ffb7965f810a9af4815ad4f904b478eb7451dde7133f76dbf
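As an added illustration of the rule syntax the Falco entry above refers to, here is a rule written for this listing (it is not one of Falco's shipped rules; the rule name, output string and tags are my own choices) that fires when a process running inside a container opens a file under /etc for writing:

```yaml
# Added example rule, not part of Falco's default ruleset.
# Fires when a process inside a container opens a file under /etc for writing.
- rule: Write below etc in container
  desc: A process running in a container opened a file under /etc for writing
  condition: >
    evt.type in (open, openat, openat2)
    and evt.is_open_write=true
    and fd.name startswith /etc
    and container.id != host
  output: >
    File below /etc opened for writing in container
    (user=%user.name command=%proc.cmdline file=%fd.name
     container=%container.id image=%container.image.repository)
  priority: WARNING
  tags: [filesystem, container]
```

Load it alongside the default rules with `falco -r /path/to/this-rule.yaml`. The `container.id != host` clause is what scopes the rule to containerized processes; drop it to alert on host writes under /etc as well, and expect to add exceptions for package managers and configuration management tools that legitimately write there.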
Debian Linux Security Advisory 5609-1 - Several vulnerabilities were discovered in the Slurm Workload Manager, a cluster resource management and job scheduling system, which may result in privilege escalation, denial of service, bypass of message hash checks or opening files with an incorrect set of extended groups.
f57d906dddf94852997ecaf61e4354f8e39782336cb81672d34166c0cb2789b8
Ubuntu Security Notice 6610-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.
59de047fed13f57d487a09e3a35571ae533675ac173887fe4ec52f395bb8d405
Debian Linux Security Advisory 5608-1 - A heap-based buffer overflow during tile list parsing was discovered in the AV1 video codec parser for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
28de5aaa27d710a8206df6a847735e65dc15308d136f5b7b5aa81eb3f826812d
Ubuntu Security Notice 6611-1 - It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism.
b33d9594531fb5ded7e43cda39e1b8b5720e24099cccb39fd5e09998a9663739
Reprise License Manager version 15.1 suffers from privilege escalation and arbitrary file write vulnerabilities.
2669c288e5683c8a006f078e5ae5297acd03bfda85f3962dd30fa641023dadbb
Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.
4fdefdc8a91925284359a1beec765f58e6f6a5a76aa3e27c5a5a2fb4ba6cd562
Jenkins versions 2.441 and LTS 2.426.3 arbitrary file read scanner.
0a161df23c6bac97a5923092b79fd307c231d11a8c0ec701df49569cfd362dfc
CSZCMS version 1.3.0 suffers from a remote SQL injection vulnerability in the admin flows.
ae0da5ea3e511b33cc9334f738b7b17c7cb166561b48d4de7d469531e1996b5d
PrommetriX is a tool that demonstrates a data leakage vulnerability in the Prometheus metrics-based event monitoring software.
27d0180963b74fcbd5831b059fa52142445e0ab684e71e634dffdf199cf1742e
Interactive Floor Plan version 1.0 suffers from a cross site scripting vulnerability.
696171fac915ad8521ab878bf8dd8496a69db4eedb1b4fe9f216fbfde57545ec
Chrome version 121 suffers from a JavaScript fork malloc vulnerability that indicates memory corruption upon crash.
c5fe58fff9338fa2b857b94610a42def7f40d9f7d58140b30fcf25e66b5a7686