Debian Linux Security Advisory 5471-1 - A security vulnerability has been discovered in libhtmlcleaner-java, a Java HTML parser library. An attacker was able to cause a denial of service (StackOverflowError) if the parser runs on user supplied input with deeply nested HTML elements. This update introduces a new nesting depth limit which can be overridden in cleaner properties.
f96281f975f20155fb343f0d82fab4ed0c0a3a6cbbc5a26c074cca92130006baUbuntu Security Notice 6277-1 - It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that Dompdf was not properly validating processed HTML content that referenced PHAR files, which could result in the deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code.
eae7a63a1314510fba016ace5f4fa58f3b235300091023f8fe1215a16f0a875bRed Hat Security Advisory 2023-4531-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
011026b4b36f55daf3ed81b46636357bc0bab4bb6f8cd65f801fa0d7c9a04ecbGNOME Files version 43.4 (nautilus) on Fedora 37 will extract zip archives with setuid files for other user identifiers that can be leveraged to escalate privileges.
ac80117ac673973985c2dd78f43ddd88009c6d2d28c771696ceaab5aceb3f410Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.
b0a498344d09cd12609bee557f305594f2cff6126e3cae1cdc620fc9159bf3ecRed Hat Security Advisory 2023-4536-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
2f06bbbf8bfb035c3cc29869030ff9c394d94f4a61e802e88783692206313bf6Ubuntu Security Notice 6267-2 - USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploit this issue to cause a denial of service.
5fb0b898aafa28294fb8ccc08119b1fe47db5b53b2d6374b96b0c7fd72049ccaRed Hat Security Advisory 2023-4523-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
fe1e1a7beeb477da26be10905af4664fbab2fbeccfcd8c098362265bd0c72eebVarient News Magazine Script version 2.2 appears to leave default credentials installed after installation.
55d39fc316be771eae1077981f65e91b1c5c157ca82a0c7e5a445518f84094dfRed Hat Security Advisory 2023-4459-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.8.
58c55fc1f8686d749cce82dbeb1f696f569b11acb8df93ed3cda8bdbe810d8c7Red Hat Security Advisory 2023-4539-01 - PostgreSQL is an advanced object-relational database management system.
4492727b610b193728ddfd73abfdc3f4792530283ba77b397c75d148b3f29e29Red Hat Security Advisory 2023-4529-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards.
05f36faf9f4f406416529bd6b79e5d7d84f5904b90b4f43e01da22ebffbf76aaVideo Whisper Conference version 1.01 suffers from a cross site scripting vulnerability.
b40ba81d48018c21e4e30b598f994c663576e363ae861549806e4e66a2267a20Red Hat Security Advisory 2023-4535-01 - PostgreSQL is an advanced object-relational database management system.
bb0d93dc4642fdfdca0f3a521e54d8fafc5d8a05d94ed117e60752d51d43bb29Red Hat Security Advisory 2023-4520-01 - The python-requests package contains a library designed to make HTTP requests easy for developers.
d0c1dc5e356e4b5ead6eee269f7ceb50713f9d3eba95d0dfa54c4f53d0db6666Videoflix CMS version 1.3 appears to leave default credentials installed after installation.
1b188b1961144abfb1aff317f94f1ba0b540456dddba84057ab90b4a73e6bb7cRed Hat Security Advisory 2023-4537-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
26418c8a5be7babeeb199c8a8e789c7d53171594bcc88de2f5638715da3afb4bRed Hat Security Advisory 2023-4524-01 - Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. Issues addressed include integer overflow and memory leak vulnerabilities.
9393191fe2906786aaecc95ef657be2b2d21d0856639034a2d51cd3151f514e6Red Hat Security Advisory 2023-4517-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
18ca1a2d2bb8e1e5c625c86b54b8da16e838e8069670bd47e1b837b47fd7e8baVirtues cpanelCMS version 1.0 suffers from a remote SQL injection vulnerability.
b0dd987501a8980f27a1a2c335dab1ec406d02a79b945305fa4690813000c747Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.
11f7a2efbdf14e9500b0a6e971a896bbac171caeed20cc661f2b4ad1b5c02e2eeneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.
4d67639c944054e33175ed2e55a36b45439dd449f6e73134fe454cc1d6a7bb71Red Hat Security Advisory 2023-4527-01 - PostgreSQL is an advanced object-relational database management system.
224d7a7ab3268b731ca5e1b6146c6fc24f536b48dce67839bd62d8aa4f6246e2Red Hat Security Advisory 2023-4541-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
afd57de8197f4fa2f3f6f819900ae0f78bac5331e50d8a51481ca5b1e5bb9e15CMS BMGI International version 4.0 suffers from a remote SQL injection vulnerability.
336a8b483f9aec691b3187aad233253738b3431f58b9ba29e3f0951d22563235
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed