This archive contains all of the 106 exploits added to Packet Storm in February, 2024.
fbeeba3e5095c48fa40ffef93379125b9600aa791763df12b1e8c38c10bdd59aUbuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.
27772bf11ba58e6506ed22ecdca799a5cc5144ec12da1e50691c8a33285fc90dUbuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.
f678a48ca90812aa9d2b76350886677e9b4c1db467f139d16a69adc2ef646f7cUbuntu Security Notice 6653-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
60fb5270aaf03325ad43e2f4dacecf3881635fbb18b2fa28485adf10dae290b5Ubuntu Security Notice 6651-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
744d885dd931ced61a93f137d603c1ca54fdfb04c50ba2fc69d8df0cf9dbac5cUbuntu Security Notice 6647-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
f482b4121fdbb18a1aa10eff28af9de753dabde4e2a5df33e96dc30e687a2222This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.
4be34ec34fdd2c459e03d46cbe61a319a411480ce0b82004ab5d83d8fcc669d1Membership Management System version 1.0 suffers from a remote SQL injection vulnerability.
cae19e19f238f73a43ac344cc32149c7e4a9422e1a737c3718fa73459378ca49Red Hat Security Advisory 2024-1062-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
2d3e9b962b45d7039c40346e4154f96659320078f3e65ab7ff78de78a568f6fcRed Hat Security Advisory 2024-1061-03 - An update is now available for Red Hat Satellite 6.13 for RHEL 8. Issues addressed include memory leak and server-side request forgery vulnerabilities.
c8b9e1718625993d763cbaa7495162ff7178e00c2ccf931bc990d779e30a5f99Red Hat Security Advisory 2024-1060-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
760ee5b7d8e2659215b52748f1d60365ac4849df90830cfd3f71064349e878dfRed Hat Security Advisory 2024-1059-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
02992f7c48d13d7834456c07f3822b6de0850dc4c50dc9baeb00d0d3540d8730Red Hat Security Advisory 2024-1058-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a code execution vulnerability.
92af62c9e4ab8b602262f8dc118f075d3342c33ab951114c5cfa8a7d29694672Red Hat Security Advisory 2024-1057-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include crlf injection and denial of service vulnerabilities.
3407cf846a6c1bbe9048acf63b6c00a1080be57ae948a844e870c3afc969c4b7Red Hat Security Advisory 2024-1055-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a privilege escalation vulnerability.
7b084c6248a49ae63aefe3bf540b3d0f51fe3d7a0d23371400895db3389725f7Red Hat Security Advisory 2024-1041-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a denial of service vulnerability.
3f062a1f296b2aa25dfc772bbb31e79bd632d6f244e205eece83d7306b91fec0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed