Debian Linux Security Advisory 5688-1 - It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened.
ce64dbc7042d36045420d8024d1749d0ba1c9d8b43b3a218aec4ed4925c70038Debian Linux Security Advisory 5687-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4671 exists in the wild.
fefd1de1decbc1434a5c297ec454790b8b54743c888a645237a73641ccde75e5This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such, if the file is overwritten with an arbitrary file, it will still auto-elevate. This module overwrites the /bin/loadkeys file with another executable.
0ba86964552be2e15d8dfa5aee3dc906633226221f56038c5adfd5023d1cef02Gentoo Linux Security Advisory 202405-33 - Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution. Versions greater than or equal to 0.10.1 are affected.
0f079a3a9ed1b14c17eed0010b2a3a9dab852edc5acc1505fb4bbe146a15d7c1Gentoo Linux Security Advisory 202405-32 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.10.0 are affected.
3283b7e266237a6df6b8dc58a8f3b51eb90071121c21462cfd91730f52a3efb9Gentoo Linux Security Advisory 202405-31 - A vulnerability has been discovered in Kubelet, which can lead to privilege escalation. Versions greater than or equal to 1.28.5 are affected.
cb7809ea80edc32b1ba6a8545c37a92c5980f394bbdd184747356f927ef58e32Ubuntu Security Notice 6771-1 - It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service.
d4667d289a8e91d1ce3a98ab4961c911970232c5d3603980b0eb0eb6e4153694Panel.SmokeLoader malware suffers from cross site request forgery, and cross site scripting vulnerabilities.
ef278eac34255b166212b8c3d391b9134c5e614f5beadcfc77d5664154f0a7dePanel.SmokeLoader malware suffers from a cross site scripting vulnerability.
bcc5e47df8b2d6bd47ac6d8b30cb4be97dade1f97e3d46af383c50831ef76904Esteghlal F.C.'s site suffers from a cross site scripting vulnerability.
27a3e849215cdeb3acce420536732c6bb9d4b0fd92ff4c0bea2720714ce42eceRed Hat Security Advisory 2024-2822-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
5b1278591beedae5fcae4e4762e94641b13117bc5eda0f8c60a271d4a510d203Red Hat Security Advisory 2024-2821-03 - An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
4f8df9f8e47e09d47ac5674f3aa068dfee1a6f8902e6fd33cfbc244643a3e3beRed Hat Security Advisory 2024-2820-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
7c390b54da0eca65e2b0663efdcf83e2ef3a714b13ba783f9605f2507f6564b5Red Hat Security Advisory 2024-2817-03 - An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
5fce456a49aae23326971a5dc5d1b6f6787c2fbe0337f175c0e28b439bce0a90Red Hat Security Advisory 2024-2816-03 - An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
2fa82a942dce95cbb513c3cf36904fe9b5c32c8666f3c99124b2530f409d5f89Red Hat Security Advisory 2024-2815-03 - An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
e257c2473fdc2c975650cc94f9b18c0bcf3f118ddcb9feb68d8d3ffb3342ec84In mmu_insert_pages_no_flush(), when a HUGE_HEAD page is mapped to a 2M aligned GPU address, this is done by creating an Address Translation Entry (ATE) at MIDGARD_MMU_LEVEL(2) (in other words, an ATE covering 2M of memory is created). This is wrong because it assumes that at least 2M of memory should be mapped. mmu_insert_pages_no_flush() can be called in cases where less than that should be mapped, for example when creating a short alias of a big native allocation. Later, when kbase_mmu_teardown_pgd_pages() tries to tear down this region, it will detect that unmapping a subsection of a 2M ATE is not possible and write a log message complaining about this, but then proceed as if everything was fine while leaving the ATE intact. This means the higher-level code will proceed to free the referenced physical memory while the ATE still points to it.
02b7002e9ef87f42111b8b994ec26a71eab28f5f71c23d3899c25a6cc7a85c92
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed