Proof of concept code for a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email.
82650f1794c39715f1ff003f78302ace745bb32d6a7b8594b0d5025474d9963bUbuntu Security Notice 5954-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when invalidating JIT code while following an iterator. An attacker could potentially exploits this issue to cause a denial of service.
9a904798e7771b7468e2663f1514597410be79efd31e38ffa22747567f7a3706Red Hat Security Advisory 2023-1278-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.
84ce34082ecf15b501d3f5dd5b16dc64a671e600f50f733f68297abfc0d89c00Debian Linux Security Advisory 5374-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.
ef900a452c188015da475ec656d55f96626688e7c22638f3904a9534481df7d1Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.
b710f29c60cd37296fe80fdbacdb69f11d2246bd09c99140cec31c3ea61c73c5Red Hat Security Advisory 2023-1277-01 - An update for openstack-swift is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.
36644484a5a040c57b80a6074bb74fb811251c415a5cef71c761b1ad092101d5This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8For various versions of Bitbucket, there is an authenticated command injection vulnerability that can be exploited by injecting environment variables into a user name. This module achieves remote code execution as the atlbitbucket user by injecting the GIT_EXTERNAL_DIFF environment variable, a null character as a delimiter, and arbitrary code into a user's user name. The value (payload) of the GIT_EXTERNAL_DIFF environment variable will be run once the Bitbucket application is coerced into generating a diff. This Metasploit module requires at least admin credentials, as admins and above only have the option to change their user name.
2e6c2f7e0c503ac745181fc0724f59c7184beaea61b5d14bb0460c6ed729952cUbuntu Security Notice 5957-1 - Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DWG files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code.
35b7c93aae7d5f74307e9f519fbae61a8f696262b1f794b5aa9bd13b6f828db7Red Hat Security Advisory 2023-1275-01 - An update for etcd is now available for Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.
d066674ef76779d85d203477eb3b6fa620ffdcbf7da90af5ab48dfdcfd299f79Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053cUbuntu Security Notice 5956-2 - USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM.
80b3365b80c510d9ed0f8f67ed3b629ab7b2e844952fb217a7a549d591be9150Ubuntu Security Notice 5855-2 - USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.
58d142057396cfff41f3cfe91792056150a83a0fbb85ec3df97fe31bcfa39599Red Hat Security Advisory 2023-1281-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform. Issues addressed include a remote shell upload vulnerability.
987d8f013217b57d1857239f6881cfb726cc3c00c621957b53627dccfc7f4cd9Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security problem.
220eab344c9585b4ceae5580fc752834a0002dfd5cc1a78c95445e4b2af32787Ubuntu Security Notice 5955-1 - It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands.
3e5afaf10660a14b4806e0904ed1caa4be875fa6f629208eb6a34f05e9c17b4bRed Hat Security Advisory 2023-1280-01 - OpenStack Image Service provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images.
89e295e70434f59184fd0ddbd0e9497e8e195386dd84f491494e3d2d339783d6XNU NFSSVC suffers from root check bypass and use-after-free vulnerabilities due to insufficient locking in upcall worker threads.
dd5db6e40185f5ad1603a814730e94b92ca2cfb3086268f82937050b80986d44Red Hat Security Advisory 2023-1252-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
7548f82ad1f400310a720ee4ef5fe58596bafca33572d7237bb20bbb6ceab239Red Hat Security Advisory 2023-1251-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
847addabd4c70200f55c5357a7517feb7e01f2770c95653cbeaf703093cb2031Red Hat Security Advisory 2023-1279-01 - Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage.
1db5fa931e1b684f03db27c5a19241aad360cc9acaf7c54b3d3d28af04b2cc4dRed Hat Security Advisory 2023-1276-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library.
a16eb2a2847860a00ae42648bc936fd6cb73f65f58c813756e77b17e14c0ccd2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed