Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions greater than or equal to 4.18.9 are affected.
c1b77ea663583d7b2f9d45426761c56ddbb0b4ac671059fc79dbe605a5da5b12Debian Linux Security Advisory 5626-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server.
49eaeb41d9120ce6fe9d1df8ab49ae3be8aab753012780b8c6b75059b99b0463Gentoo Linux Security Advisory 202402-27 - A vulnerability has been discovered in Glade which can lead to a denial of service. Versions greater than or equal to 3.38.2 are affected.
653f6856f17d7d35bb9fb4999d8dcf1015fc7781ecc66eadfa5cc20831dd7623This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed "DEFCON is Cancelled".
535ace3d2395d745aab82b77f7bf83ac08ab9ffb328c07ee2e4ddf340d09536aGentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.
cc533856037ce3489c1c38f7382c14f40155a8adae6b4f28af227d8e9f39964aBack in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.
7ab1d57cbbb29f8168521971a747af06eab9ef184d9f61ee316413db3f71e0c9This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.
59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71ebGentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.
f6a33c383a67744f956589ebca1e53b97ec85a5c78492b16031da34f30606da1Gentoo Linux Security Advisory 202402-21 - Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 are affected.
c9b10b422bfa2fd5f272ddbc98f5162d947f596980bacc005f9eaac00543c155InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.
7923340c990b9cceb58ce85ba5207a9c3605de4fca54417c061ae374af5da4a9Gentoo Linux Security Advisory 202402-24 - Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution. Versions greater than or equal to 2.53.10.2 are affected.
741d35d4bdb23d0b8fa49dc043b5dea8050951485082052e828d295f45be0db1Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.
f4454cfd0cbe05bc91dbf64927220dcb289f6b1c63b52526cc67f7720db5413eGentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.
90ac5f72428988f5743803eb4e6cc56e7eb12428e8c5282266fe0bc0bb97ad82SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities.
ee08755ff2c77c77422dc3e6137cfea65ccefc051f98543715278a5b354c366cGentoo Linux Security Advisory 202402-20 - A vulnerability has been discovered in Thunar which may lead to arbitrary code execution Versions greater than or equal to 4.17.3 are affected.
83355da959645c487a209c226eb25e43186cdf716cdaadcb62ea7d17fc40aa56Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for multiple users.
96e568ac958cfa59e4d69f8e48e162fd23c330d0dfb5ffe9d4c9a3b792fb411cGentoo Linux Security Advisory 202402-19 - A vulnerability has been discovered in libcaca which can lead to arbitrary code execution. Versions greater than or equal to 0.99_beta19-r4 are affected.
0245e60107a0303350e4c76919c42747fe3e6976194d4f228f49c0d993a4e02fGentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.
baabebed21673e40b564e5721f4a8c2ad8b2d62a34a694a4ab0c3fd9b9eddfdcGentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.
0468bc739c556dc5d72d0990bb0d5e50e913c2c05719800d5e77718a1d6861e0Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
eac3ee07605d15d68a5d408fecb91498a9bfab9973368c0e16d4816f4539dc97Chrome has an issue where the chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to a racy access check.
c081d9b3a89b0a80ccfbb9fc08c3373284b83957b305d8759f551dfbed038c66Gentoo Linux Security Advisory 202402-16 - Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. Versions less than or equal to 1.2.17 are affected.
79e0825715a2197c39850bba10de0d238187f4c93dcdf24c6b31b702cdb3131eGentoo Linux Security Advisory 202402-15 - A vulnerability has been discovered in e2fsprogs which can lead to arbitrary code execution. Versions greater than or equal to 1.46.6 are affected.
a2eafff769a48f4258c44d663d740cd5000c7ee83f88308b3caffea113cb1bebWonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.
371582d2faf62d5876bcf7818755a049e5f6d427635c029647db990dfb673374User Registration and Login and User Management System version 3.1 suffers from a remote SQL injection vulnerability.
a778aabc9984b218ebd37f1e8af2db7ea6c66baaade706530c48a38013537c6f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed