Ubuntu Security Notice 6220-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
e3f6ae7b7feaf80a5f0392b1f566c22266ff2458d59396b185290a15a3e54bd9Red Hat Security Advisory 2023-4038-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
b42f6272c8c7fddf2249cabdb0bf9b19272c6444286b291de14c13370dc28260Ubuntu Security Notice 6218-1 - A use-after-free was discovered in Firefox when handling workers. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
966445a8523204307dc01ff6e07c491cde8da7b283f20acf361db6406cedb1cbRed Hat Security Advisory 2023-4037-01 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
becb7066d10dfc31d0da91a6b7e02efb6981de67b80f8a84a18ed57190b7c992jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
aec4d0bde2e1b17624594a8ea9564e017baab16a62c45a923b69e9410b5db405The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
ab6c398a6b60e85afd462af68f301ccef35f60a158cbbdd7e462030178c598b8The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hard-coded encryption key and missing file type validation on the ur_upload_profile_pic function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.
617e7a31e8613b2fc41dfb20282c61f763065187b026a8188f18e87a77f289a5Ubuntu Security Notice 6217-1 - McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did not properly update account lockout maximum failed attempts. An attacker could possibly use this issue to bypass the security feature and attempt to guess more passwords for an account.
6848ace880c436072ff79fe03d2c13de4774d3feff0a23f6c2842338b627bf34Red Hat Security Advisory 2023-4032-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
5c73f78766f92a8eb634aca8aadf9dac83904c1c56404db35eca47bdf87d2abfFrappe Framework (ERPNext) version 13.4.0 suffers from a remote code execution vulnerability.
5a97cac7d4a1e11432f6ce200fb4fffe43db0a0754d90d15a613fa8b05f89ba9Spring Cloud version 3.2.2 suffers from a remote command execution vulnerability.
d181f87e1828ab23231c1663a6b6c2406af8e9283ea467e7f313997dacb282edRed Hat Security Advisory 2023-4039-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
79c745dae0e4a96887a92346201fafff379f8553e65ad01401ec7cb0436a84c6Red Hat Security Advisory 2023-4034-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
4a5158a0332de2f9544f7ef4fb9f874620df54c370aaefcae4faec249535a8a1Red Hat Security Advisory 2023-4033-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
769605a7ad35f0daf38e521bc2fa72daec355ff0f28a65f5298d1651be8c9b52Red Hat Security Advisory 2023-4036-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
8d61165472772112c3e82bb47d7e6b7af07d15f2baa367f1ea11df1f38d219baRed Hat Security Advisory 2023-4035-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow and denial of service vulnerabilities.
b2a625f052f26d493dd20d4b4e6799bb0b54fd62b19e9cf1c70573ba4694f509Red Hat Security Advisory 2023-3976-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.24.
19f9a8422cfdc08ebdb690ed21c53a279d57c9e1b4c9561c047f6ae6aaa634efRed Hat Security Advisory 2023-4030-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
50fe6b5b36dccdf0e45e4ac232a0ff31b4cf2d557f4bffd2d51c0a6904975387Banner RotatorCMS version 1.0 suffers from a database disclosure vulnerability.
b27246139e06d65cee5536bab5d85839356bd732a55ae71b5d58cba4d91b2cb3Avidi Media version 2.0 appears to leave default credentials installed after installation.
09cf3e05ccb374c53770542c230cad40b6ee8705d33539b62fa335bbea91d3f6AtTestimonials CMS version 1.2 suffers from a missing authentication vulnerability.
25d086a35855db7c7da8146896c3e57db3cb50c116ee28a000e75f38a1630bfdAtom CMS version 2.0 suffers from a directory traversal vulnerability.
2976ad9d9a890a4a7e519cdf0c2b48e9b33c256ea38b4aa392ab90ba39e47ee5Nedal CMS version 1.2 suffers from a remote SQL injection vulnerability.
b91d5afa134c3c2ad67707723e8fc7b15b3bf49936c128f5b56c596d7c7fa06cAsanhamayesh CMS version 3.4.6 suffers from a directory traversal vulnerability.
9ff09660c188f1add4a4ddaf6112383528cc77dedd30e4292cd0e25ad46b4370ARTISTRY LIMITED LMS version 0.5 appears to leave default credentials installed after installation.
bf3f3eeffc16bf117b38dd82826882f4821b1a20ceee272a0cf3f270eac98a81
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed