Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross site scripting, remote SQL injection, and traversal vulnerabilities.
9f6dbcbbd09678c80d311d3e820d1c82de2bd7a04264742755ac9d8302b00c0fFroxlor versions 2.0.6 and below suffer from a bug that allows authenticated users to change the application logs path to any directory on the OS level which the user www-data can write without restrictions from the backend which leads to writing a malicious Twig template that the application will render. That leads to remote command execution under the user www-data.
a4048c5b1f41c4347f4543f9ad125a92d70622eb396c52b2aaf555132f774674Ubuntu Security Notice 5884-1 - Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
9fb79a1f43ccc6d619c96a07def2979ca05b8979050b2933267dc0bc2e17d747Ubuntu Security Notice 5882-1 - Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
c5cb6242b728dd849603bd9f7d301fe81cf301245cdd8770323901120e074b6bDebian Linux Security Advisory 5358-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for launching a denial of service attack or the execution of arbitrary code.
af27f2dc4d2e27bc3dbab6aae8f01920efe10398bf7112aa8d1bf8bfe6bb6c8cDebian Linux Security Advisory 5357-1 - yvvdwf found a data exfiltration vulnerability while performing local clone from malicious repository even using a non-local transport. Joern Schneeweisz found a path traversal vulnerability in git-apply that a path outside the working tree can be overwritten as the acting user.
1d3b09b9eb94b59ea608248a20c9b4e2bc7dca85f2496bce60579f548dcd692dRed Hat Security Advisory 2023-0777-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.56. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.
3a8eeb8e8d119d082a4db10c5e51ebd4d57e468c790416e84f2a0365b3436e63Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.
b0f7f8eee987e2e6e2dcaabf7c4fe7bacb12571d25cd64b63d580c759f794a67Ubuntu Security Notice 5883-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
42ecf192cd658944c9911950524453182140573973b7872b42e621102bc1581bRed Hat Security Advisory 2023-0902-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
41fd94e2b8750df20acb23f9bcf766903e6f027f48fe587fa7a2deddd5f8ad54Red Hat Security Advisory 2023-0903-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
e654eac723ba89308f27ad22d9907fbb419acdd6265aa776349d65a061bbd52aYoga Class Registration System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
5cfa2a48930887864eca956544f0d00e2f2bae1b18a0149cfafbab2cdc9c34fe
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed