Ubuntu Security Notice 6034-1 - It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP.
c4992069af8cbbce8803ac455250932b08babf1c097f9d0ca6ff6c63035da835Red Hat Security Advisory 2023-1888-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service and server-side request forgery vulnerabilities.
85bf3b91e2d99c1305171e27e674814c807c9b714eb4635e2b4a16597c700e46FUXA version 1.1.13-1186 suffers from an unauthenticated remote code execution vulnerability.
cbb0e89f28ebf1c78fd5850d727c4d515c8b23ab7bfbde50b88b1724076fde8bUbuntu Security Notice 6033-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
5a30980fd0cd1ca4d29c020630f7aeac282e7c27dca316f9119d20f043479ba7WordPress PowerPress plugin versions 10.0 and below suffer from a persistent cross site scripting vulnerability.
7a161242837503ce4ceb255fa764b0a71fe52922df023f91fdc9de0b31e1b8a1Red Hat Security Advisory 2023-1899-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
51fc840e368ab7cc6efb3fa6881cc77590c05add2b6fc11f9d0ea0758d58cd11Chitor-CMS version 1.1.2 suffers from a remote SQL injection vulnerability.
c93afd2bb504aca28f00f2bc14a755d2ca6da27f477a579f3bcefc47748d4c43Ubuntu Security Notice 6032-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service. Gerald Lee discovered that the USB Gadget file system implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
08e97ef4623b43e166aa41785d752beb4eb1a28c2bfbe6ca623eb62bb0b636f5ProjeQtOr Project Management System version 10.3.2 suffers from a remote shell upload vulnerability.
11df5bbb884a4e261af2638f8b84e3b3864004d8c896f5c53daabe257a1e2d27Ubuntu Security Notice 6031-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Integrity Measurement Architecture implementation in the Linux kernel did not properly enforce policy in certain conditions. A privileged attacker could use this to bypass Kernel lockdown restrictions.
c49e938c59a6771a19744a8f7a0880c7e6c16e6feae1b07ba02a91e00363d912Piwigo version 13.6.0 suffers from a persistent cross site scripting vulnerability.
6d99fc5a4efc4a7693c6ee974883973affe0bbd8fd7c5de5933e83e56cc4d009Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.
5a4b9ba13665b8f454d70a15f3981bf6b5d30070b62cdfc12799e26ac9c36173Franklin Fueling Systems TS-550 suffers from a password hash disclosure vulnerability.
5321c2e6d8a5ba0ee798a8ecbc4154af4303cab89fef43786dea99f1de8f6e68Red Hat Security Advisory 2023-1822-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
07b80dc6b1765b56b75fd3d553640522e17f3538ffa328a4f67f384864e65e91Ubuntu Security Notice 6028-1 - It was discovered that lixml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.
6a9219280ebf42f90de0adb3002cf76e67028bdaf56fc73be1a03ea61e52c77aUbuntu Security Notice 6030-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.
2945178b2c10e70e350ccc077d02e94eafd3a32e099949a0c9a5c79bcc51602dUbuntu Security Notice 6029-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service.
f1b0f3adc16cd7f8b3fe2b2f0c71c8c141f48a93e4c9fdc3825271c325dd2624Swagger UI version 4.1.3 user interface misrepresentation of information proof of concept exploit.
74f00a654a2a4d31c2b12b82b8be249256b117d11759bd35353dda66a083ddc7Lilac-Reloaded for Nagios version 2.0.l8 remote code execution exploit.
6ffee98c00c5206f12408703ba6c7c3b76964dc70f90d0c5543feb3cd290ca06Serendipity version 2.4.0 suffers from a cross site scripting vulnerability.
f4c1bd2e59f59d1b035097995c6f354cb4a4695c5eb63b2e52d6404a15ad7288Red Hat Security Advisory 2023-1879-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
06d517c97370c59fdc96ca03d3f28b5640a7f91cc4903282bc6b22716ebe8c37Ubuntu Security Notice 6027-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
39f49abc79546dbf0c1c8b9ee0c0ae03dfb6d15515f347f1ec3c32d1c433e8d1Serendipity version 2.4.0 suffers from a remote shell upload vulnerability.
c7eb220591e15aa7f8416072c527c2edb70d1692e76bd61df36127eed0b03e9fOpenSSL Security Advisory 20230420 - The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash.
aafe0dcb9955f2ea6be0373a336c5f4cdd6794acce536fbb2b3c3d6df1f2a3bc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed