Debian Linux Security Advisory 4783-1 - Fabian Vogt discovered a flaw in sddm, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges.
dae94fe733cb181789d3d0eb0c0c969c208250934490d6cb40341be35ed4ac65Debian Linux Security Advisory 4784-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks, escalate privileges, run arbitrary code, and delete arbitrary files.
4165858d7c746130e9c88d3c07ccdc273b6fcf2fe7fe4cde601f8d423e1c8b2eDebian Linux Security Advisory 4785-1 - It was discovered that raptor2, an RDF parser library, is prone to heap-based buffer overflow flaws, which could result in denial of service, or potentially the execution of arbitrary code, if a specially crafted file is processed.
26a8b918f3c828a200f98ba726790ff349ec3534dabcf98f304f90d88fc92ac8Debian Linux Security Advisory 4786-1 - It was discovered that a boundary check in libexif, a library to parse EXIF files, could be optimised away by the compiler, resulting in a potential buffer overflow.
4746926a84776a97bc99df4ffa0bb2f0445a5ae0670bb2a26dd98c54a37bddbdDebian Linux Security Advisory 4787-1 - Two vulnerabilities were discovered in moin, a Python clone of WikiWiki.
9efaf0a37eacf7946eee98a31d4a0154cf38440f20166b7c7bdeb81320833545Debian Linux Security Advisory 4788-1 - A use-after-free was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
bc4176d8c29f8cedbb473570305da436881f2c797041aa1bb26436ce9bb82fa6Debian Linux Security Advisory 4789-1 - It was discovered that codemirror, a browser-based text editor implemented in JavaScript, was vulnerable to regular expression denial-of-service.
4c3e8a2631768c7f7ad2596d88e8f3bcbc03a017ceaadd527438f6af21da142fDebian Linux Security Advisory 4790-1 - A use-after-free was found in Thunderbird, which could potentially result in the execution of arbitrary code.
a24bba99e6f62b1a8545628a896b8371c3593d1819b5504e8b11b4bd9b56bc47Debian Linux Security Advisory 4791-1 - Ken Gaillot discovered a vulnerability in the Pacemaker cluster group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with root privileges.
ea258fb8e2dd23dc2bd8cbfc14d1af322b234d32a12d5b7453873e66f8770b6bDebian Linux Security Advisory 4792-1 - Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash) via specially crafted packets.
608859abc6939eba759e6ac68d503d152466f70de25040483e7e63834641f8a6Debian Linux Security Advisory 4793-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.
7a7bef45311620bafb2f5c889b4c7cfed77fb009b5027cf57f1768378ba7c955Debian Linux Security Advisory 4794-1 - A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened.
2d238f41013ff33b23d9f9cfd2dd8bf4c295258e88abc0ccdd0053bf84820b31Debian Linux Security Advisory 4795-1 - Demi Obeneour discovered that unbounded recursion in the ASN1 parser of libkrb5 could result in denial of service.
a8750dc66434076b67cffbc9c200856ec34772ee6a38f6636c761503f96805a0Debian Linux Security Advisory 4796-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
5850e3a36ebaa0db9e00ff05e35bb5e379b48d097c2815bad96f14506467cb2cDebian Linux Security Advisory 4797-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
93fd37c701da2126e2aa679ea16d6c5e79d5f32de9b7c7497b5f1edc25c2df16Debian Linux Security Advisory 4798-1 - It was discovered that SPIP, a website engine for publishing, did not correctly validate its input. This would allow authenticated users to execute arbitrary code.
825a3413ca53bbeaa502503af037ea444dd328eb3f2f41c45bb519d2b523905bDebian Linux Security Advisory 4799-1 - Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of another user on the host.
6e35fbf88956a94bb03529ff9baef63632a0fad61fde4b835d48e9777fb9a807Debian Linux Security Advisory 4800-1 - Two vulnerabilities were discovered in libproxy, an automatic proxy configuration management library, which could result in denial of service, or possibly, execution of arbitrary code.
2069f57f0853f074e22b8929a0ef30347c5a359b8e1f3f5de728a589696ac7a2This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and started. The processor is then stopped and deleted.
b437b66f2c8618f8c04df9a7df92d09d11a6da720c7f0e0b83b4d0ced50bc1b8nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
b29dd2210d1fa0d5110aba618de0c58f5b04b5237a8c34c165f031ae81d980eeUbuntu Security Notice 4646-2 - USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871 introduced a regression causing certain applications linked against poppler to fail. This update backs out the fix pending further investigation. It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Various other issues were also addressed.
9431298902d09c73f0540e5bc84aa3b66ae7db15eebf0512eb5803b2aee5d378Ubuntu Security Notice 4649-1 - Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information.
b91273898d91df8743509775544405d15654918f86c428cb861971e6926cf9daWhitepaper called Weaponize GhostWriting Injection. This is part 5 of a 5 part series of papers.
3d099a69228585c470a148ebe081be2da6d34c0d0dfd0ebd47cfdcc1cef8b097Whitepaper called Disable Dynamic Code Mitigation (ACG). This is part 4 of a 5 part series of papers.
d6f9a7c37019c5bda76e8bcb2576b76d7396ed3886e915eba4a11c4457397857Whitepaper called Exploit WNF Callback. This is part 3 of a 5 part series of papers.
9664b39e787231b3245fe5981dad6081e60b1c547f615b949c49188c2fdc68ac
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed