This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there are not many services yet that use DynamicUser, and the requirement of collaboration with another process limits the circumstances in which it would be useful to an attacker further; but in a system that makes heavy use of DynamicUser, it would probably have impact.
064bbdd76f48df03346ba02e71f7b8230c92792ac615692d64f9d04ec97b425cLavavo CD Ripper version 4.20 license activation name SEH buffer overflow exploit.
3983b9f05d055c78f6849eb93d3fb1883efee5a082c670dbddbea041819ff59eosTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities.
a3a0c940e3990234b185e1da84523131a41176574735f7fdcd88b7bd105ca85aUbuntu Security Notice 3956-1 - It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
3d24ed0e149890bba90071f8a75a8241b8ac0de8924929c8af98c07861a6b0c0Ubuntu Security Notice 3955-1 - It was discovered that tcpflow incorrectly handled certain malformed network packets. A remote attacker could send these packets to a target system, causing tcpflow to crash or possibly disclose sensitive information.
6cf5a53ec29be9040d1801329f4f20f949f71d9d030b7c6df3a273f9ac45bd7cUbuntu Security Notice 3922-3 - USN-3922-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
803a4bbada6ca25b99730a60e87bb2e4bd4ffb9f3b9c099cee7b2e025aff543bRed Hat Security Advisory 2019-0886-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6 and 7.
51ee6ce89ffa1483a5ec9d03a365dbe195147c06ea7b02816c74f69960f40146Gentoo Linux Security Advisory 201904-25 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 3.1.0-r4 are affected.
b8ef2d5b31853634154b8d8df5f413eb259a7fcf09e7c186b608a5ad6e3aad61Gentoo Linux Security Advisory 201904-24 - Multiple vulnerabilities have been found in Ming, the worst of which could result in a Denial of Service condition. Versions less than 0.20181112 are affected.
89fc4c461140c0c378a047021c889a873387afdd57d749af13dc04ddb3fedb14JioFi 4G M2S version 1.0.2 suffers from a denial of service vulnerability.
bfb318c7283d8c93cf9ad2a4ebed7e3340ee93cda24996f05d110932ada60d32JioFi 4G M2S version 1.0.2 suffers from cross site scripting and html injection vulnerabilities.
a76563a625e94df0efd3181bfd88a48c5d42ad331df04f77b53be95efc39a591Backup Key Recovery version 2.2.4 denial of service proof of concept exploit.
fda5aaec9e849b7ef551fa6227f43b87a963b19943f7a75d681f96e9b8db2be9HeidiSQL Portable version 10.1.0.5464 denial of service proof of concept exploit.
fde7b9d442a468d221f6586a17c488a893198703baa9d9cfc49c3e636abd98f0AnMing MP3 CD Burner version 2.0 denial of service proof of concept exploit.
78466ee8b720a5ba53c6f0f8d1341df659ae685fbd0dc8043428a21c726da7c8testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
6118f08b88c0075f39820296f0d76889165dd67e64dbfdfd1104d6d122a938c9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed