Gentoo Linux Security Advisory 202405-1 - Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. Versions greater than or equal to 3.10.14:3.10 are affected.
6e25bc5c65df63d8a01e63b802487986b9e6cedfc10b8dea10de68a2cc7d298eRed Hat Security Advisory 2024-2697-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include privilege escalation and use-after-free vulnerabilities.
28cf427d0beac33407994538d777095eed775c545fae88ea7c679c6980fbd9d3Red Hat Security Advisory 2024-2696-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
3f86b6a179632c87da0e0ab6eed7a66dc1715dc52f67a48e6d5a0b2c4ef6d57aUbuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
9657a689d1e137641b5539b1d18e172041c6d3cba27fdc722c254145353f09b5Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.
d27b3448167b5f41fb5b2319186a2bc0ba48401c34db2d5404f8fbe2f1e1273aSOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.
e53b7e681658c99d38155029675c243627ca96d8d11916eba4a766fb4d6a4c69SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.
a3c73b7d4acc8e32c7247c327692a33f62025c56af9edaa24b5dfff34103fc5aSOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.
b3547a84c8cad40f1ad245d4773be05f04779afc966facea5aec1efac17e152dRed Hat Security Advisory 2024-2679-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
39a91dbaa294030bbe404245ccf923197adb369925824c8a8d080f427edd7c83Red Hat Security Advisory 2024-2674-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
387a4de992d918b220a4f6ff305085446c7cfea776b68215b98fd2a049419d5aRed Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.
964d565d8c5778bee68062c997d805f52a05706ac5e0f82c92ff6ad5905fb116Red Hat Security Advisory 2024-2068-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
71b5c8fde848288e0fe4749685a8526a45d9fec0dee13b6dc19ea863e590268aRed Hat Security Advisory 2024-2054-03 - Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements.
885731c279c034233138d0157717dfc72dce63e515d854f40c1ff26a21746054Red Hat Security Advisory 2024-2049-03 - Red Hat OpenShift Container Platform release 4.13.41 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
e36bf4a41b44256e651722af16afe94a1920c4d839352ee1d6b3a9fb3c230865Debian Linux Security Advisory 5676-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
c8a90b6292a6c4c3420fce49648c7bda2ab98985db0fced3a1043d2b9fa2b7c6Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Nan Wang discovered that Firefox did not properly manage memory during WASM garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
7c2c9d128db1252739be1d7a0b93beb403f7c031e510470fefa2f2f7a74db59dhtmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
f7c13b91b7562803551ff2c81af4d91f8007cf734173bc191c1002abafa0fa8fRed Hat Security Advisory 2024-2651-03 - An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
973632fb4064029537b1b304fc430a77ef240763c28c8135e263ded1f9abb3a5Red Hat Security Advisory 2024-2645-03 - An update for podman is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
5b624408bbe646a1a11941932195d1ca4c0bec8298946108aaf85a425311ca13This archive contains all of the 132 exploits added to Packet Storm in April, 2024.
1cc0043aef39f0e6a8dc458f9a6338f05cc6e2563d003810dff7bc61cb8fa7b7Ubuntu Security Notice 6760-1 - George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
17978e436015209b652836f16189a4839bd9524fb9c7fa08f62a850a68c2395bLonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
9e5eb976874c7a13fcf2a71119849f5abece485528a92084501d9c7e0d3b4529There is yet another attack possible against Protected Media Path process beyond the one involving two global XOR keys. The new attack may also result in the extraction of a plaintext content key value.
624d62ae93c4eb9ee488a2e78ae15c8b8b941fc79346a6f1e3994060ab88fc9bOnline Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.
60e4ec4738d6f6a64d63d565ba22b2f196e6175494953c8782b5d9edc6f07301Red Hat Security Advisory 2024-2639-03 - The Migration Toolkit for Containers 1.7.15 is now available.
ed34d9644ec2e83ab816533bedba4ba49a737b46acbe9e9d8e0cb7afe744869e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed