Active Newspaper version 2.0 suffers from an html injection vulnerability.
d7788acd25934e4f336dd671dc9fb07b6d931cf95efc7ba4b66d3b2cb52cd854Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
852bc0984d64527371695ee9feac0d312b46b12c591411f7a5be5f0ffb1c93a2Red Hat Security Advisory 2023-3780-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.
bddb6f1e11a6ba9c52be0f94ca826d2448c508019f60d2f892b5aa469b5fe32eSmart Office Web version 20.28 suffers from information disclosure due to an insecure direct object reference vulnerability.
0e404965ef5239207c525c44d321cb98b5082332677616c1825d478aca12e3c8Ubuntu Security Notice 6185-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.
be2e9478a6761c035541dad4eff6b7f5f36c9c99263510c8055de1ab00fac4e0fastCMS Blogging version 3.1.0 suffers from a persistent cross site scripting vulnerability.
7765980d5fa3da33cef63b6d168e51d379de04ffd2183f3a2e79c0c59b6eca32ACJWEB DESIGNER version 1.0 suffers from a cross site scripting vulnerability.
e4b3ec1618ec99bb023305b043d262222b6dd51759fd74b2e6e5b2ff52883ea1Debian Linux Security Advisory 5437-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
7c544f31219784b743536b45da6065cc810499bfb45dbd1197cd11a809f8e80aRed Hat Security Advisory 2023-3740-01 - This release of Camel for Spring Boot 3.20.1.P1 serves as a replacement for Camel for Spring Boot 3.20.1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.
58c98dc04b54e3626d83bf209197c06eb22fe9f8e980bb6b6099f24aba62f3bdIt was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
9af3c677c764aab7902d47c2a505555b84fde68a690ae6e7624c01659fe90f86Ubuntu Security Notice 6183-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.
8c98b23533bb65799530876b7495994b7f2a7e5243dbe968de2fc62016d3d8e1Red Hat Security Advisory 2023-3771-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.
00566f877e194c658cc2885f9f671af06701ad0fc1fd4587e997d9d53e79ea82Debian Linux Security Advisory 5436-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
10c658300144766f15b5f3423e106e451ef63ac07ea18305bd88c937ac36abf1OX App Suite suffers from server-side request forgery, command injection, uncontrolled resource consumption, code injection, authorization bypass, and insecure storage vulnerabilities. Various versions in the 7.10.x and 8.x branches are affected.
a27979ae3ae36aed54def31f404e98c49b579e2113420246b0b046bb9f32e18dWordPress BackUpWordPress version 3.8 appears to leave backups in a world accessible directory under the document root.
0aa2086e4896317bbe3e7bdbf4459a1d7ed4b988564f1de3d17a4038856e606eZstore version 6.5.4 suffers from a database disclosure vulnerability.
59ef2a6ae2dedf274f03866554742255b38accdbc92491e12e38cf45e9ba3fd8Red Hat Security Advisory 2023-3741-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
8783d76c406bb3dbdd7902bd839ae0f4e25d1290d7045d5be51a4596aef627dbDebian Linux Security Advisory 5435-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.
dfca8e4b23324ea3fd1686d46452b9a26062e6cab430b4598ba6351a0f959fc6Ad Manager Pro version 3.05 suffers from a backup disclosure vulnerability.
9849adf143ac40f826534802c5f270e16d48ad28e11911067998927a139fda16Active Matrimonial CMS version 1.4 suffers from an html injection vulnerability.
4f76c6ed2c67cc6b8b75cac164fbea9625d1673592f28718c07536a4c040b3cfRed Hat Security Advisory 2023-3711-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
196186a82819b64abfb35d95f92fbdf909a0e1469d2a1617734772b452b11b4dRed Hat Security Advisory 2023-3715-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a memory leak vulnerability.
9b8b53521738368a749fe60c780351f9820f05a28d78796091f980340ba474e6Acon Architecture and Construction Website CMS version 1.2 appears to leave default credentials installed after installation.
70ef2d8bc91eb56a1a4440da226b2cf249319048b28003a05fa920674c61c763ACJWEB DESIGNER version 1.0 suffers from a remote SQL injection vulnerability.
1476b83d361f5d3b12a5630e5e0b2a06fcf04b60ef0362ae9f733f5b20894725Red Hat Security Advisory 2023-3714-01 - PostgreSQL is an advanced object-relational database management system.
1980932e5150f22b5f57c035b3ff2943d17686a6d61283f8449cf87085fa2a42
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed