Ubuntu Security Notice 7043-4 - USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
d6735cd226521138a1caa83e35e3599310090e11b787a19fe17009e31c3e555a
Ubuntu Security Notice 7042-2 - USN-7042-1 fixed a vulnerability in cups-browsed. This update improves the fix by removing support for the legacy CUPS printer discovery protocol entirely. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.
c9d388e6e36edc217181c7dfaecdbff89ae45ef265bf94be3ca4b0635d69e57f
ABB Cylon Aspect version 3.08.01 suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in calendarFileDelete.php is not properly sanitized before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.
af2f7d68963611fa4772fa49e8fd86c81c3df85b1983689743ab1d4ffc0561a5
Ubuntu Security Notice 7043-3 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.
8f1256b770d30fefb59acd2a2956a4df9f5307d5c3eaf0614673f777bd0fa0a0
Ubuntu Security Notice 7041-3 - USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS. Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
ea597695f5313621b663d5d1cb8a50ef5d39c5e2a16b697081de6c02010e2d05
ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the SYSLOG HTTP POST parameter called by the syslogSwitch.php script.
bd108fa7ce900744b1676f5426423c1034cfcf86df1a6c72f006197b3c7c4616
ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the Footer HTTP POST parameter called by the caldavUtil.php script.
8a578a88dc628bdf9030f24dfeb5efed5a2916122d7b2c6617ee5215c5c7a0d4
ABB Cylon Aspect versions 3.08.00 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the timeserver HTTP POST parameter called by the setTimeServer.php script.
7a951ff7fa25dce192577e79009a2ecc161d07c5d3e93a4698034aee54606ea7
ABB Cylon Aspect versions 3.08.01 and below suffer from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
30c77f451b21a376551521dd035b5e49e0e8791bc964c67769f0111ef659c202
Ubuntu Security Notice 7056-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Masato Kinugawa discovered that Firefox did not properly validate JavaScript under the "resource://pdf.js" origin. An attacker could potentially exploit this issue to execute arbitrary JavaScript code and access cross-origin PDF content.
80c7f4192680b4c2101a2c6f637255686ae8913ec48a9a8254011849671e40e0
Debian Linux Security Advisory 5786-1 - Integer overflow flaws were discovered in the Compound Document Binary File format parser of libgsf, the GNOME Project G Structured File Library, which could result in the execution of arbitrary code if a specially crafted file is processed.
98c0d59e2d6c56f5374ef98a8c7336b85fff3f90be2ec312d6bc3af96e794ba8
ABB Cylon Aspect version 3.07.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter via the downloadDb.php script is not properly verified before being used to download database files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
bdeb7b96ce0490816b5aff85c7d91a69137f224971e0d812190f2924733b54d4
Debian Linux Security Advisory 5783-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
d6e973db117eecd0774e6df97f98106f30600a1abd447da40462c767ea65fcb3
Proof of concept code for a flaw in TeamViewer that enables an unprivileged user to load an arbitrary kernel driver into the system.
8e84c906525cb3028d5e2434a5ce1ee9c2d79ef078f6024e17e16888fa959853
Ubuntu Security Notice 7054-1 - It was discovered that unzip did not properly handle Unicode strings under certain circumstances. If a user were tricked into opening a specially crafted zip file, an attacker could possibly use this issue to cause unzip to crash, resulting in a denial of service, or possibly execute arbitrary code.
f929b28b770364cb20cced4b9f7c68ae7cbf43c718918fb91835f47e7343078f
Transport Management System version 1.0 suffers from an arbitrary file upload vulnerability.
1cd66e393ca7966dfbaac0ad1a1b3a444b9752a015b512e8517095c91f4717e2
Debian Linux Security Advisory 5781-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
1ef039858c6f77289a0121b0f10830b4ab7779904de169e39eb4e8d6420d6fe6
Ubuntu Security Notice 7052-1 - It was discovered that GNOME Shell mishandled extensions that fail to reload, possibly leading to extensions staying enabled on the lock screen. An attacker could possibly use this issue to launch applications, view sensitive information, or execute arbitrary commands. It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked.
d145ca7fe21493de973870eec17c6d14d6d8ba7536b1cb88569b36730ddfee8c
Ubuntu Security Notice 7043-2 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.
a09eaabe0ef1a2611294b49eb1f783c16957c290485e82b3cdd482bcfd685809
Ubuntu Security Notice 6964-2 - USN-6964-1 fixed a vulnerability in ORC. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Noriko Totsuka discovered that ORC incorrectly handled certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code.
2379cca9465cc096c3f11a0ee43e1be249d1c0ad024aecad3fd5165323bd6c1c
Ubuntu Security Notice 7041-2 - USN-7041-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
00bb0d1161c328ea5fca70221a0d2f5a610de947f48d9998a0783ca4b84436f0
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
2328f6faa4b6ae3ca330a27bb8694e1604bd747c455740abb7e147c4bd02a379
Simple Music Management System version 1.0 suffers from an arbitrary file upload vulnerability.
199208c90ef7b0a9bafb453966c1c18290282b16dd26a3535aa7d2869e44e262
Printing Business Records Management System version 1.0 suffers from an arbitrary file upload vulnerability.
8751b24fbc8f067b192e862d9c15c970e7302c26f87c9d0cc2333260c476a884
Online Eyewear Shop version 1.0 suffers from an arbitrary file upload vulnerability.
1f14cfc963330f0a01f9c4aced1f7de282ae44271edc1a4cd158e539df7c983e