TX Text Control .NET Server For ASP.NET has an issue where it was possible to change the configured system path for reading and writing files in the underlying operating system with privileges of the user running a web application.

This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.

Ubuntu Security Notice 7089-4 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7105-1 - It was discovered that the NrbfDecoder component in .NET did not properly handle an instance of a type confusion vulnerability. An authenticated attacker could possibly use this issue to gain the privileges of another user and execute arbitrary code. It was discovered that the NrbfDecoder component in .NET did not properly perform input validation. An unauthenticated remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 7103-1 - It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled parsing certain PDF files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.

Ubuntu Security Notice 7101-1 - It was discovered that Pydantic incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service via a crafted email string.

Ubuntu Security Notice 7100-2 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Red Hat Security Advisory 2024-9525-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9524-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9502-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-9501-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2024-9500-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-9498-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-9497-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-9485-03 - Control plane Operators for RHOSO 18.0.3. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-9481-03 - An update for python-django is now available for Red Hat OpenStack Platform 18.0.3 . Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2024-9474-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-9473-03 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2024-9472-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-9470-03 - An update for cups is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-9468-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-9459-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-9458-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-9457-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote shell upload vulnerability.