Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48aBoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.
399c7d150c74e14ff960b4352508c5f4a2a59bf2bfe1f4f390b71685d91640dfGentoo Linux Security Advisory 202403-3 - Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting. Versions greater than or equal to 5.4.0 are affected.
00915f50ef9b76b7d10b556e97fcc528b7fe7c290fe78c3cfb37d95977815bafTP-Link JetStream Smart Switch TL-SG2210P version 5.0 build 20211201 suffers from a privilege escalation vulnerability.
6bfec71761c0da72ef8e4e51471259390ab76ae5197777d2c08b7f660b7984e5Gentoo Linux Security Advisory 202403-2 - Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 3.1.0 are affected.
c0f4d0afcf31837770fe0ca7efbef959899e3c31bd4d82b12dfdc8634700ecdcWallos versions prior to 1.11.2 suffer from a remote shell upload vulnerability.
77ba729fac9fbd6e562f329a83458d57ae71f13aaf4f55db7da1328097365d1aGentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.
bd25f2b467d833795026292ee1d9110cf019aaca57398e04f9425d2375388e5fPetrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.
0f0040501420a8f8ddd6c7f12a7f7140cff7687749ef9d7f7d32928b820114f8Petrol Pump Management Software version 1.0 suffers from a remote SQL injectionvulnerability.
51abe5321193658e358ef6153227465b3009062f89a267703a6584db36a564dfPetrol Pump Management Software version 1.0 suffers from multiple cross site scripting vulnerabilities.
527eeaf50e15d94715035ef458538033c4f5eff926cb533e157dbed8bed874f5This is an interesting whitepaper called Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware. The authors present a novel approach to developing programmable logic controller (PLC) malware that proves to be more flexible, resilient, and impactful than current strategies.
741326e4fbc51ab41e106a049572fa380ad7b01037f9e364be260067feb5194bEasywall version 0.3.1 suffers from an authenticated remote command execution vulnerability.
02674567c5d503f91e947ba06aece45751ee04aeffe5b6edc3dfffb994976693Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.
fa597d50e9f8b5bd302a8783ff6dbb02dfd40c5672ca6442aff828f6a586c095GL.iNet AR300M versions 3.216 and below suffer from an OpenVPN client related remote code execution vulnerability.
0bc765cb78e3663fd69f067daec79c26a082e75d184e6d211c3b136d90337022GL.iNet AR300M versions 4.3.7 and below suffer from an OpenVPN client related remote code execution vulnerability.
9270490cd001ef107453c4f557a02b7ca323b54f6f7cbe828cf79a16dc19810eGL.iNet AR300M versions 4.3.7 and below suffer from an arbitrary file writing vulnerability.
e817323e271309d595fea12a346185c0f2533237f054e543a5166f1f7881c859Ubuntu Security Notice 6669-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.
63ee0e6f83b4e9f77d873f79cf50c1f02a046461e6ad8e93392c9da32d118bfcSumatraPDF version 3.5.2 suffers from a DLL hijacking vulnerability using CRYPTBASE.DLL. DLL hijacking in this version was already discovered by Ravishanka Silva in February of 2024 but the findings did not include this DLL.
b54fc4aa8aa9cd1b68c0fee0e8f8f071f44a503ec283e0947fb0c29cce53475aEmployee Management System version 1.0-2024 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
01f9a437e502773164c42d18db293d6d010978a568703d9945cb9bfe002238b5TPC-110W suffers from a missing authentication vulnerability.
a465de4bea0a0f0a26e4a6e310952a40f118cba393cb00abfccd1bb894d688f8Boss Mini version 1.4.0 suffers from a local file inclusion vulnerability.
fd1ebe20ccdc11bd1897608c2ab131c580b9a7fdc758f3d4c292f49e3840ee1bMultilaser RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through cookie manipulation.
ba0ed12285ef51b34ae0d6988481e8d4fc6959295d9775d1e956a211d68153e0Multilaser RE160V web management interface versions 12.03.01.08_pt and 12.03.01.09_pt along with RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through URL manipulation.
e1156731f7c82aa391ee5895789afc5a989d3554ac5a410747604791d0f5fdccMultilaser RE160V web management interface versions 12.03.01.09_pt and 12.03.01.10_pt suffer from an access control bypass vulnerability through header manipulation.
c6cf3a65cbce62dca49ea866ac9a7ace5aa59a5dad1fb6abba12d3e96e453625A-PDF All to MP3 Converter version 2.0.0 overflow exploit with DEP Bypass with HeapCreate + HeapAlloc + some_memory_copy_function ROP chain.
3c931f40a432f8d268a05e73fd1bde4398f9391c878c54188ea6c0121b2ebc59
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed