Ubuntu Security Notice 5359-1 - Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.
d86fd6c18100320089eb6c892b3934a7fd83a90dab64630caba832caecfe673fSpring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 server error and a JSON encoded message.
191fd2ef6dcf8a98bc701657de72fbfe2250e9ec9091b7372a38ea1abcff6241Ubuntu Security Notice 5356-1 - Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could possibly use this issue to execute arbitrary code.
e3839ee571468680b81112957309e74a8af6ee0fa66b2e646caf9672ba1cf90fIdeaRE RefTree versions prior to 2021.09.17 suffer from a path traversal vulnerability.
6c01288d24fb06203fba1bbb4a1569c7c1519c40ba0e613d0c951377f72407e7IdeaRE RefTree versions prior to 2021.09.17 suffer from a remote shell upload vulnerability.
7a1f36a186daaabfb1cb5a35f53c2411f1ac4fc02655a8038cdac234c32dd9fdUbuntu Security Notice 5358-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
6014beb1c2288fa564666e3a8cc2728d4f9100f4d4f9d8585a4f7e619cce7702Chrome has an issue where a malformed message sent to DeserializeFromMessage may trigger deserialization of out-of-bounds data.
f016c2cc33607e475f4fb0feaf3b97c31f557eea1cb21d5c1b76fc4fa4ad9003Ubuntu Security Notice 5357-1 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d5cfae3dd3a1ace57560baad4ec8506d71d870b74dea62b48667b6febe4c77dbUbuntu Security Notice 5355-2 - USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
bd7bd9de57a4bed18909c272ff1654178c42449228d7c6020d29b7ecf83a4081EG Free AntiVirus version 2020 suffers from an unquoted service path vulnerability that can lead to privilege escalation.
f5afeadbe9a6dd42729251f44605027c495f8ca53f5077f1ef0566b30d207ffdSpoofer version 1.4.6 suffers from an unquoted service path vulnerability that can lead to privilege escalation.
6e36f8ead3bb9754bebd29f1138b16de9f85c211a2321e246d8956e9be5fe982Ubuntu Security Notice 5355-1 - Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
23634ab2e48f0bdf4e10ce11f4dbd2b9a409a2e06ec401c9576d2434ceac9f05Ubuntu Security Notice 5354-1 - It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attacker could use this issue to cause Twisted to crash, resulting in a denial of service.
28a1644f437a131ccaec80f877806282a493d263fdc6b3e0fd3064a659d80b35Medical Hub Directory Site version 1.0 suffers from a remote blind SQL injection vulnerability. This research was submitted on the same day Packet Storm received similar findings from Saud Alenazi.
485f05f134b2d3819d19208535bf09e2d66a1a262580141bc9a9964b00e68204Message System version 1.0 suffers from a remote SQL injection vulnerability that can lead to remote code execution.
f726216137cb25cc61ebd0212e3d991811ebe3e9be1b4d7c85db6f64b5cdf1beMessage System version 1.0 suffers from a persistent cross site scripting vulnerability.
4f43e6605407609b1bcdd1c5a3be22479cef1d68b174b04b20a647976713db71
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed