Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.
a26699704bb4ddf2684e4adc1f46d5f3de9a9a8959f147970f969cc32b2f0d9eThe AudioCodes VoIP phones can be managed centrally, whereby configuration files are provided and requested by the phones at a central location. These configuration files can also be provided in encrypted form. This is intended to protect sensitive information within the configuration files from unauthorized access. Due to the use of a hardcoded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information. Firmware versions greater than or equal to 3.4.8.M4 are affected.
aa8123253e08b34d540bf926ba4a87654940b99a7e069721ef96a63db69bac95The AudioCodes VoIP phones store sensitive information, e.g. credentials and passwords, in encrypted form in their configuration files. These encrypted values can also be automatically configured, e.g. via the "One Voice Operation Center" or other central device management solutions. Due to the use of a hardcoded cryptographic key, an attacker with access to these configuration files is able to decrypt the encrypted values and retrieve sensitive information, e.g. the device root password. Firmware versions greater than or equal to 3.4.8.M4 are affected.
29414b5c1036f3966c46308f74f15451f22b582e783e487f7aa45422c6dfd70fAudioCodes VoIP Phones with firmware versions greater than or equal to 3.4.4.1000 have been found to have validation of firmware images that only consists of simple checksum checks for different firmware components.
87f14d8fb3d841332987f94e0d0b781df7d013b6b805f919c5e4b88c417fe4f0Hyip Rio version 2.1 suffers from an arbitrary file upload vulnerability that can be leveraged to commit cross site scripting attacks.
cb26d9e78a7f34adc181f96e6e2bfa835fe0ee3bd358f8c8da79954a82c3bbe6Ubuntu Security Notice 6294-1 - Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions.
eb07f489e5aa114922ba5706f886aedf4d3738378f6fb7e9a080692a4e5c88c3Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.
e6adec08a41db66a6b16db061aa69314b8013291796ba90e7c9baac7c7edf27cRed Hat Security Advisory 2023-4612-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section. Issues addressed include bypass, code execution, denial of service, and deserialization vulnerabilities.
9fce17aaf4b1e17b6dd5371a535e817dbb5fd71c7e4c095fca880dd19e594fbdUbuntu Security Notice 6293-1 - It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data.
2e00a7841fa65b3e3dd44f551e88dbaeb78958b20f0f4b7ede21df21c6997015Ubuntu Security Notice 6292-1 - It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.
75967740ce1a9069be3b5ffdad890e66bf3af3e56b32fbff26a28baf8de418c4Ubuntu Security Notice 6291-1 - Hanno Bock discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.
6ed2a0d160c0f8456980f4faa4f374ee99df919ed0cff56e9c25486aace22156Red Hat Security Advisory 2023-4603-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.9.
4fce8c6ec3e22dae0e2f20b975bc266affa67f262d5a7425975c79e3cd79cf1aRed Hat Security Advisory 2023-4582-01 - Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available. Issues addressed include a code execution vulnerability.
83d9f3399f06049a50aecd7cab6994d78263156f001b66a39abef4a0dfe9753bUbuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.
dea439e173df06f4701c3d819ad53b19bb3bf0a6496304490d18dec1b8d0c9e5Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.
2421b3b97cc7191c9230548e299fe246f93d5b82a4d21e6fa8eaf14abddaa1f0Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.
6c109e8112c245ff647417e707926d11d65d612b66e7ae46f1f05cb3ab724077Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
f65b71e2d93a61d8fd6e9baa0836136297d958349bf5dfab6550b04986c6a67bUbuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
56a23505c39e15a9992e4da11ed2253e380d5dccf0c819aca7b95fda96df2aafExcessWeb and Network CMS version 4.0 suffers from a database disclosure vulnerability.
3804ccc9e62f4f0b3d7f7e5d2646a5827031767b52189c5bfbdb8fee5663b88fEvsanati Radyo version 1.0 suffers from an ignored default credential vulnerability.
1326815dc9e9bd378da2493a7d90ff8ff159f77ddbce953e96b82a55038a3c8cEvent Locations CMS version 1.0.1 suffers from a cross site scripting vulnerability.
ef6dfc0bf961f4476c4574b9af2ecbb1525f1e15fc02221c257a9d4d1ad082f6Erim Upload version 4 suffers from a database disclosure vulnerability.
0a5d9f97ad99a2e396c97011db6206b01062091d026186ae3e3e5346edff23b4E-partenaire LMS version 1.0.0 suffers from a cross site scripting vulnerability.
ccf167601a645dc0cec6d60d6fb1c3ef568c4f66b01fd8e2878bd91b70a103f4EMH CMS version 0.1 suffers from a cross site scripting vulnerability.
c58615aff6cd57a5ca22a34be62372e9e81249eb20b812f9a35ccd440af33052The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not favorable. A valid database connection is required. If the database engine was configured to allow creation of databases, the module default can be used which utilizes an in memory database. Some Docker instances of H2 don't allow writing to folders such as /tmp, so we default to writing to the working directory of the software. This Metasploit module was tested against H2 version 2.1.214, 2.0.204, 1.4.199 (version detection fails).
07a91f31f74a5616ef0d92c5c535db18babf8aacc5e32f1b0d759b6219544cc8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed