Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
0693c2ce363baaef7b371443418fb29623edc052f8d82f02eea207672f271e4bThe Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to the file system.
4e458aef9f797d0714e86e3cbbbe7fdd8225fa1b68b23cd60a66a992d28a4eb5The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.
8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630Artica Proxy versions 4.40 and 4.50 suffer from a local file inclusion protection bypass vulnerability that allows for path traversal.
ee5d3d2cce629647f1cc48769c74910aca7883ad99b79b7b1c766a0e28a65ddfUbuntu Security Notice 6679-1 - It was discovered that FRR incorrectly handled certain malformed OSPF LSA packets. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
3efcd48e104a143fe730fd8974e6c97f3e55c468d9f86582780097369d74b591Ubuntu Security Notice 6676-1 - Vojtěch Vobr discovered that c-ares incorrectly handled user input from local configuration files. An attacker could possibly use this issue to cause a denial of service via application crash.
dbe62c177736e67d0f34559bcd12eaefa58499419a3ef18ef50db23f6bb5ade7Ubuntu Security Notice 6649-2 - USN-6649-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service. Johan Carlsson discovered that Firefox incorrectly handled Set-Cookie response headers in multipart HTTP responses. An attacker could potentially exploit this issue to inject arbitrary cookie values. Gary Kwong discovered that Firefox incorrectly generated codes on 32-bit ARM devices, which could lead to unexpected numeric conversions or undefined behaviour. An attacker could possibly use this issue to cause a denial of service. Ronald Crane discovered that Firefox did not properly manage memory when accessing the built-in profiler. An attacker could potentially exploit this issue to cause a denial of service.
57493f4eb5405080e87d75b58868c8d0c8ea4844948fc6ac9afc75823a5e7a6fUbuntu Security Notice 6678-1 - It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libgit2 did not perform certificate checking by default. An attacker could possibly use this issue to perform a machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
7b3086cc98d56d838c607776e3a17b3c2150866662ba214c0dc65ab02e4712cbUbuntu Security Notice 6677-1 - It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
e5b123a14132e2de2966b2dd309e46adfd9dcc9597f183fc3ef618a6d4a7dcb7Red Hat Security Advisory 2024-1188-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution, denial of service, memory leak, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f149b4e2e5b84c510b0c155de2d3290d8c9826d0679ef81dccc32677afb3f3aaRed Hat Security Advisory 2024-1184-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
ad1ee345710e0e3ea9c4caee996df8040b5dd4f88e74182f747cdd04e46715b1Red Hat Security Advisory 2024-1155-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
23d1bea8da267bfe3bc89ca123382f1c39ae2bd0ea7f14b35386ce99ff37e47bRed Hat Security Advisory 2024-1154-03 - An update for libfastjson is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow and out of bounds write vulnerabilities.
2413847e67634013cdba3c241f650cac94e1132673a065c1f3d0d3f5b6285e17Red Hat Security Advisory 2024-1153-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
8a9dab6dcb9dac238e73892aee925d081d09109fcb76fb12ee375e9f2f2b5374Red Hat Security Advisory 2024-1152-03 - An update for frr is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include an out of bounds read vulnerability.
27c2d640abc5974df3aa82d9face327f2a25b5856e4db125d44263c9990b6088Red Hat Security Advisory 2024-1150-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.
3b380d599f1e214465c02c27a990fbb02861e6c1f243873037b7a30d987161dbRed Hat Security Advisory 2024-1149-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
525387cfb707a737f6df33baa347a2ed18323b86081446653b13dc85bb5620caRed Hat Security Advisory 2024-1147-03 - An update for rear is now available for Red Hat Enterprise Linux 9.
a1cd84e4d8783e595fc61534742738d82ef55551522f48ac7ab3a25fd696fd00Red Hat Security Advisory 2024-1142-03 - An update for haproxy is now available for Red Hat Enterprise Linux 9.
434273256431b6b9e831c9835bcb2fba3864ee3f7558795df1229f26598ab968Red Hat Security Advisory 2024-1141-03 - An update for mysql is now available for Red Hat Enterprise Linux 9.
3b8aba46791df095cab2743a4eddaa36c75383d877b17f82c8b0fe40a9d30a8cRed Hat Security Advisory 2024-1139-03 - An update for keylime is now available for Red Hat Enterprise Linux 9.
fa35c06d9a9f91bb17064642bf3aa279c64078f6ebe03a1438ad2b0d3fda3091Red Hat Security Advisory 2024-1134-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9. Issues addressed include a HTTP request smuggling vulnerability.
9a81153a104aad1e11caad5121684b4f2b581244c55931558e6c262084aa7073Red Hat Security Advisory 2024-1131-03 - An update for golang is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
07317300f9ef35fff58ace3e538cfee5970f7fa9af1833f349ff98fe72f9bb02Red Hat Security Advisory 2024-1130-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
81ece00c1a0fa3af166446b3fac05f48fad824008e773bbee6b4296a6a0afd61Red Hat Security Advisory 2024-1129-03 - An update for curl is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.
f2c74eb6648115701a1cab86282a4e0339dc9ed69a0324caf51dd6902fa56d93
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed