It has been discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library. Included in this archive are not only the advisory but additional data and a testing script to see if you're affected.
24e782ee2711640bef44e50dae3e4bd40c2ec8ddbbf87dbc1461e7d4aa22e1db
This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91
Debian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.
a36f16841d48439de0dca87969734d17803a93009098f4ca6fe3dd1c574bdc99
Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d045fe2df3a7b0da1744ec322c6841faa9dc1ec5194d51870e6e7ca36abd50d6
Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.
38cf97e11373ce1137705690e0184e70046c7384264c09e97f32c832e3026b02
Ubuntu Security Notice 6707-4 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1e54ff144f57b2bd5a30a36e13436904969117b6a92329a52019596e2864df7a
Ubuntu Security Notice 6704-4 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
4c20532debf7fe54f300253a8836c32c86a73b576ba2f48d948c642e26473036
The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a local file inclusion vulnerability.
1dbbfbdf1a7bf4060fdff75fb8aff1ab0bc5375217ca00dc2d7c0cf611ab7316
The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a server-side template injection vulnerability.
256571d01cca1bc252f84933681faf1ff9f922f6835db1ae3b7bc099a7571ea6
The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a command injection vulnerability.
7685501581e9f699e06c56b0eddcfccbd5e014e303d78ffd724d6a188077faa5
Intel PowerGadget version 3.6 suffers from a local privilege escalation vulnerability.
7c432edb9faa64203476b212e783bee97c24deb2ea70d71ff8bea318abd872fe
Red Hat Security Advisory 2024-1570-03 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a denial of service vulnerability.
fc473960b45c7dead718a19c5497a2d2cefaf2ace8dddbdd11c7ab3b3f104830
Ubuntu Security Notice 6715-1 - It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash.
90500728052033e5941baa0debec66d17de2cf01ce56e1158e2523b231aff382
Ubuntu Security Notice 6719-1 - Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.
ca6568bf9c3d47e1fa51be307d45564e306e622e9860f212c34d8a91f5a5e9de
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
46bd0f4474337144b30816fb2d8f14e72a26d0391f24fe0b7b619acdcdad8c0c
Event Management version 1.0 suffers from a remote SQL injection vulnerability.
5135d01cd318616d2a8b1711363d2378d7b2686ffcd1083f2936d0248e4164fd
The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.
c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077
The 13th International Workshop on Cyber Crime, or IWCC, 2024 call for papers has been announced. It will take place July 30th through August 2nd, 2024 in Vienna, Austria.
1733e3ae10dcafe0a95572942e32ff6c6d0ff3ba67769c57dd88c93c006e53e6
The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.
2a13323836730c890a63f333a24fcfb62637513c16193386327b7be986133bb0
Apple Security Advisory 03-25-2024-1 - Safari 17.4.1 addresses code execution and out of bounds write vulnerabilities.
f471ba7362f0f2b90319b73a7dc453ffcc58fe3527cb6cd08febf40e4748b5be
Red Hat Security Advisory 2024-1557-03 - An update is now available for Red Hat OpenShift Builds 1.0. Issues addressed include denial of service and traversal vulnerabilities.
d29131168c6739c5f0e4cc9ca1fc6e36a8598723c0d447439443d07a778f5f03
Red Hat Security Advisory 2024-1555-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
d54151bacb05204bba9e5815332d0b2dc57e10762149b6a53a140110b66a0156
Red Hat Security Advisory 2024-1554-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
83824ae558a589ad40270cf3400f18a45b628d62f041edcab023885a5dd3d023
Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.
265530e02c210729e3640de0f5f23192ea5b21cae936f5ed87be61a93898f695
Red Hat Security Advisory 2024-1553-03 - An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
30063cb073472365838f87d661f1130cf3a33293c62da11e429b2ab2ba96dba0