Category: Alert Feeds

Ubuntu Security Notice USN-7049-2 –

– Ubuntu Security Notice 7049-2 – USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. – Read More  – Packet Storm 

Ubuntu Security Notice USN-7110-1 –

– Ubuntu Security Notice 7110-1 – Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. – Read More  – Packet Storm 

Ubuntu Security Notice USN-7089-5 –

– Ubuntu Security Notice 7089-5 – Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the...

Ubuntu Security Notice USN-7071-2 –

– Ubuntu Security Notice 7071-2 – A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. – Read More  – Packet Storm 

Ubuntu Security Notice USN-7111-1 –

– Ubuntu Security Notice 7111-1 – Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan...

Ubuntu Security Notice USN-7088-5 –

– Ubuntu Security Notice 7088-5 – Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. – Read More  – Packet Storm 

Ubuntu Security Notice USN-7112-1 –

– Ubuntu Security Notice 7112-1 – It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. – Read More  – Packet Storm 

Ubuntu Security Notice USN-7089-6 –

– Ubuntu Security Notice 7089-6 – Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the...

Red Hat Security Advisory 2024-9601-03 –

– Red Hat Security Advisory 2024-9601-03 – An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include buffer overflow and privilege escalation vulnerabilities. – Read More  – Packet Storm 

Ubuntu Security Notice USN-7107-1 –

– Ubuntu Security Notice 7107-1 – It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. – Read More  – Packet Storm 

PHP-CGI Argument Injection Susceptibility Scanner –

– This is a bash script that checks a list of domains for CVE-2024-4577, an argument injection vulnerability in PHP-CGI. It lets security researchers and system administrators quickly assess whether their own systems, or any list of domains, are potentially exposed to this specific issue. This issue affected PHP-CGI versions 8.1 before 8.1.29, 8.2...
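The scanner above probes remote domains; the complementary local check, confirming that an installed php-cgi binary is past the fixed release for its branch, is easy to get wrong because dotted versions must be compared component by component (a plain string compare ranks 8.1.9 above 8.1.29). The shell below is an added example, not the scanner described here or PHP project code. It encodes only the 8.1 branch, fixed in 8.1.29, because that is the only fixed release this page quotes in full; the `FIXED_VERSIONS` list, the constructed `SAMPLE_OUTPUT` line, the function names and the use of `php-cgi -v` as the version source are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local version check against the CVE-2024-4577 affected ranges.
# Not part of the scanner described on this page. Only the 8.1 branch is listed
# because that is the only fixed release quoted in full above; extend
# FIXED_VERSIONS (branch:fixed-release) from the complete advisory before
# relying on the result.
FIXED_VERSIONS="8.1:8.1.29"

# vercmp A B: print -1, 0 or 1 for A<B, A=B, A>B, comparing each dotted
# component numerically. A string compare would rank 8.1.9 above 8.1.29.
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    : "${ai:=0}"; : "${bi:=0}"        # missing trailing component counts as 0
    if [ "$ai" -lt "$bi" ]; then echo -1; return 0; fi
    if [ "$ai" -gt "$bi" ]; then echo 1; return 0; fi
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
  done
  echo 0
}

# parse_php_version OUTPUT: extract the version from `php-cgi -v` output,
# whose first line starts with "PHP <version>".
parse_php_version() {
  printf '%s\n' "$1" | sed -n '1s/^PHP \([0-9][0-9.]*\).*/\1/p'
}

# php_cgi_affected VERSION: succeed (exit 0) when VERSION is in a listed
# branch and below that branch's fixed release; fail otherwise.
php_cgi_affected() {
  v="$1"
  branch_of_v="${v%.*}"              # 8.1.28 -> 8.1
  for entry in $FIXED_VERSIONS; do
    branch="${entry%%:*}"; fixed="${entry#*:}"
    if [ "$branch" = "$branch_of_v" ]; then
      case "$(vercmp "$v" "$fixed")" in
        -1) return 0 ;;
        *)  return 1 ;;
      esac
    fi
  done
  return 1                           # branch not in the list
}

# Constructed sample of `php-cgi -v` output (assumption). A live run would use:
#   ver=$(parse_php_version "$(php-cgi -v 2>/dev/null)")
SAMPLE_OUTPUT='PHP 8.1.28 (cgi-fcgi) (built: Apr 11 2024 07:30:05)'

check_sample() {
  ver=$(parse_php_version "$SAMPLE_OUTPUT")
  if php_cgi_affected "$ver"; then
    echo "php-cgi $ver: inside a listed affected range, update to the fixed release"
  else
    echo "php-cgi $ver: not inside a listed affected range"
  fi
}
check_sample
```

The branch-to-fixed-release table is deliberately data rather than hard-coded comparisons so the same function works once the remaining branches from the advisory are added; a version whose branch is not in the table is reported as not affected, which is the right default for a post-patch check but not for an inventory scan.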

Ubuntu Security Notice USN-7109-1 –

– Ubuntu Security Notice 7109-1 – Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan...

Ubuntu Security Notice USN-7089-4 –

– Ubuntu Security Notice 7089-4 – Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the...

Palo Alto Expedition 1.2.91 Remote Code Execution –

– This Metasploit module obtains remote code execution against Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, lets an attacker reset the admin user's password; the second, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands are executed in the context of www-data. When credentials are provided, this module...

Security issue in the TX Text Control .NET Server for ASP.NET. –

– Posted by Filip Palian on Nov 12. Hej, let’s keep it short … ===== Intro ===== A “sudo make me a sandwich” security issue has been identified in the TX Text Control .NET Server for ASP.NET[1]. According to the vendor[2], “the most powerful, MS Word compatible document editor that runs in all browsers”. Likely all versions are affected, however...

SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879) –

– Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 12. SEC Consult Vulnerability Lab Security Advisory < 20241112-0 > ======================================================================= title: Multiple vulnerabilities; product: Siemens Energy Omnivise T3000; vulnerable version: >=8.2 SP3; fixed version: see solution section; CVE number: CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879; impact: High… – Read More – Full Disclosure

Red Hat Security Advisory 2024-9114-03 –

– Red Hat Security Advisory 2024-9114-03 – An update for gnome-shell and gnome-shell-extensions is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability. – Read More  – Packet Storm 

Red Hat Security Advisory 2024-9317-03 –

– Red Hat Security Advisory 2024-9317-03 – An update for NetworkManager is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability. – Read More  – Packet Storm 

Debian Security Advisory 5809-1 –

– Debian Linux Security Advisory 5809-1 – Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect. – Read More  – Packet Storm 

Red Hat Security Advisory 2024-9331-03 –

– Red Hat Security Advisory 2024-9331-03 – An update for krb5 is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability. – Read More  – Packet Storm 

Debian Security Advisory 5811-1 –

– Debian Linux Security Advisory 5811-1 – An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code. – Read More  – Packet Storm 

Red Hat Security Advisory 2024-9333-03 –

– Red Hat Security Advisory 2024-9333-03 – An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability. – Read More  – Packet Storm 

Debian Security Advisory 5810-1 –

– Debian Linux Security Advisory 5810-1 – Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. – Read More  – Packet Storm 

Red Hat Security Advisory 2024-9439-03 –

– Red Hat Security Advisory 2024-9439-03 – An update for fontforge is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability. – Read More  – Packet Storm 

Ubuntu Security Notice USN-7102-1 –

– Ubuntu Security Notice 7102-1 – Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. –...

Ubuntu Security Notice USN-7100-1 –

– Ubuntu Security Notice 7100-1 – Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code....