Ubuntu Security Notice 7037-1 - It was discovered that OpenJPEG could enter a large loop and continuously print warning messages when given specially crafted input. An attacker could potentially use this issue to cause a denial of service.
Red Hat Security Advisory 2024-7135-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.
Ubuntu Security Notice 7038-1 - Thomas Stangner discovered a permission vulnerability in the Apache Portable Runtime library. A local attacker could possibly use this issue to read named shared memory segments, potentially exposing sensitive application data.
Ubuntu Security Notice 7036-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.
Ubuntu Security Notice 7035-1 - It was discovered that the AppArmor policy compiler incorrectly generated looser restrictions than expected for rules allowing mount operations. A local attacker could possibly use this to bypass AppArmor restrictions in applications where some mount operations were permitted.
SchoolPlus version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
School Log Management System version 1.0 suffers from a PHP code injection vulnerability.
School Dormitory Management System version 1.0 suffers from an ignored default credential vulnerability.
Sample Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Rupee Invoice System version 1.0 suffers from an arbitrary file upload vulnerability.
Restaurant POS version 1.0 suffers from a remote SQL injection vulnerability.
Responsive Binary mlm version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Responsive Billing sw System version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
PHP SPM version 1.0 suffers from a WYSIWYG code injection vulnerability.
PHP ACRSS version 1.0 suffers from a WYSIWYG code injection vulnerability.
The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by the networkDiagAjax.php script.
Gentoo Linux Security Advisory 202409-25 - Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
Ubuntu Security Notice 7034-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle.
Red Hat Security Advisory 2024-7103-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Ubuntu Security Notice 7032-1 - It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling.
PHP SPM version 1.0 suffers from a PHP code injection vulnerability.
Red Hat Security Advisory 2024-7102-03 - An update for grafana is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Ubuntu Security Notice 7009-2 - Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
PHP ACRSS version 1.0 suffers from a PHP code injection vulnerability.
Ubuntu Security Notice 7033-1 - It was discovered that some Intel Processors did not properly restrict access to the Running Average Power Limit interface. This may allow a local privileged attacker to obtain sensitive information. It was discovered that some Intel Processors did not properly implement finite state machines in hardware logic. This may allow a local privileged attacker to cause a denial of service.