Ubuntu Security Notice 6578-1 - Vishal Mishra and Anita Gaud discovered that .NET did not properly validate X.509 certificates with malformed signatures. An attacker could possibly use this issue to bypass an application's typical authentication logic. Morgan Brown discovered that .NET did not properly handle requests from unauthenticated clients. An attacker could possibly use this issue to cause a denial of service.
1a5ffa31cec024f4e71d57b72c2f478574b69113780d92f067efda5d9346b0e0Debian Linux Security Advisory 5598-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service, or information disclosure.
fc63d222e51570fb223395a2aa8d1fb25f8cd15178ff88be15918e0297228dc0Ubuntu Security Notice 6560-2 - USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.
279f23efe6b36684994928a454f01081c5330f4103d3e9a111b6c5ff07c9a1f6Ubuntu Security Notice 6579-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
2c7f1904a8605b02abe1cc4cb1f85e2e9495b578c47b07e5a54f32d06a2a6fcfWordPress POST SMTP Mailer plugin versions 2.8.7 and below suffer from authorization bypass and cross site scripting vulnerabilities.
1bdd84a69d04f6ca05b840e49215c74a3095a9b4cd20f08c7cd6c500f98bc02fUbuntu Security Notice 6574-1 - Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time.
b8c2a5761a1b9b637336f2af66c0577c0e91e5d6928b1d69d773c8f5060e8589Ubuntu Security Notice 6562-2 - USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code. George Pantela and Hubert Kario discovered that Firefox using multiple NSS NIST curves which were susceptible to a side-channel attack known as "Minerva". An attacker could potentially exploit this issue to obtain sensitive information. Andrew Osmond discovered that Firefox did not properly validate the textures produced by remote decoders. An attacker could potentially exploit this issue to escape the sandbox.
b0f78c407c1b7675cfb31191c04f588fe6093e29a445623eb97e433bacb31e61Ubuntu Security Notice 6577-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.
f5c75748cbd05864595b53a3d62429463f197d9429e3dc98c4eef18615631d48Ubuntu Security Notice 6575-1 - It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay responses and manipulate the responses of second requests.
ed3e7c5783d3f0cb002940795e80215d7f03c457363997ab4d6217f8021d22d0SimpleWebServer version 2.2-rc2 remote denial of service exploit.
f28d2fac5ba23248c7daf412b3466478c3b79c9d6a68bdebdc204f08f7f5b755PHPJabbers Event Ticketing System version 1.0 suffers from a missing rate limiting vulnerability.
4a6a8a2bb5c05efbc11ad1d41c847ca080200973fefae103ae2349b0fa2e4aaaPHPJabbers Meeting Room Booking System version 1.0 suffers from a CSV injection vulnerability.
56f185b937b316878476083d1cb2130c91c994c67ad4c681560e1a113757915bPHPJabbers Meeting Room Booking System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
e6821affd91c6976ec243ea146e7afbb0ed24afc9759a1132aa2d0f6d32f79c1PHPJabbers Event Ticketing System version 1.0 suffers from cross site scripting and html injection vulnerabilities.
2caf4aa999009c25ac7c26798df4e4a0ac8a097c8ef866861469f934e7b3bfcaUbuntu Security Notice 6576-1 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle an expired catchall element in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
b0ba67caed49782e02acb79bc82218723de010303bc990330e8f7b8c0eddeaafUbuntu Security Notice 6549-5 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
7f3d37463aea9418aa3b6ed179287539adb8654a4eb628b52ca84b3bcc0b8b01Ubuntu Security Notice 6548-5 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
204de9cbd7ff5168f434bb4b9cdf4bb3f661850230f6e8189a021bda661538c8PHPJabbers Cinema Booking System version 1.0 suffers from a missing rate limiting vulnerability.
0e9a8392414859c263da5455715b136476e5d9dfa821e24aa22cabb38d54a54aPHPJabbers Cinema Booking System version 1.0 suffers from a CSV injection vulnerability.
14a6d24c101a22f1c0d7244c66f7b75fdd605e2e723016e983aa91ff8f4b8c2ePHPJabbers Meeting Room Booking System version 1.0 suffers from a missing rate limiting vulnerability.
2bb4e829d1153014ad902eedd4e84ffd1c4f36ed68b0e4d4f52e2bb2a7835bf5PHPJabbers Cleaning Business Software version 1.0 suffers from a CSV injection vulnerability.
fa8e25420d535f17cc1424b804b5e0097c947ebbbb9c26ec4b178c3e61d4fa5aPHPJabbers Cinema Booking System version 1.0 suffers from reflective and persistent cross site scripting vulnerabilities.
65d36ac9160ab1c240f6675581e697453542fa0e4bd126a1f51e746ce51641f2PHPJabbers Cleaning Business Software version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
e47debdf9fc3c3d01a9a065adc30bc2b0166bcf23690c6d3ac8b4dd15242abfaPHPJabbers Cleaning Business Software version 1.0 suffers from multiple missing rate limiting vulnerabilities.
381abe9a5a62fc40721ed1c1d5e23bc493b0edb0ae470d82c9f5996553920898PHPJabbers Shared Asset Booking System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
55b8208f2ccd19891ff073a3c0c73038d621c5100ca8bca74d3b845c3b903e9a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed