It has been discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library. Included in this archive are not only the advisory but additional data and a testing script to see if you're affected.
24e782ee2711640bef44e50dae3e4bd40c2ec8ddbbf87dbc1461e7d4aa22e1dbThis Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91Debian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.
a36f16841d48439de0dca87969734d17803a93009098f4ca6fe3dd1c574bdc99Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d045fe2df3a7b0da1744ec322c6841faa9dc1ec5194d51870e6e7ca36abd50d6Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.
38cf97e11373ce1137705690e0184e70046c7384264c09e97f32c832e3026b02Ubuntu Security Notice 6707-4 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1e54ff144f57b2bd5a30a36e13436904969117b6a92329a52019596e2864df7aUbuntu Security Notice 6704-4 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
4c20532debf7fe54f300253a8836c32c86a73b576ba2f48d948c642e26473036The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a local file inclusion vulnerability.
1dbbfbdf1a7bf4060fdff75fb8aff1ab0bc5375217ca00dc2d7c0cf611ab7316The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a server-side template injection vulnerability.
256571d01cca1bc252f84933681faf1ff9f922f6835db1ae3b7bc099a7571ea6The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a command injection vulnerability.
7685501581e9f699e06c56b0eddcfccbd5e014e303d78ffd724d6a188077faa5Intel PowerGadget version 3.6 suffers from a local privilege escalation vulnerability.
7c432edb9faa64203476b212e783bee97c24deb2ea70d71ff8bea318abd872feRed Hat Security Advisory 2024-1570-03 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a denial of service vulnerability.
fc473960b45c7dead718a19c5497a2d2cefaf2ace8dddbdd11c7ab3b3f104830
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed