Debian Linux Security Advisory 5379-1 - Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally, an attacker can take advantage of this flaw to change how group chats are displayed, or to force a user to join or leave an attacker-selected group chat.
e7e91174b6b74ca65394c6ad4132a0a2f37244154e102da74fd77c04ecc1be22
Ubuntu Security Notice 5978-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
71cd680be098e8fe6428fa0aea346ac7a027ec8f5c40c0e9df401cd20a6cbc28
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using a 4096-bit prime, requires no PKI, has Perfect Forward Secrecy, and Tor support.
628e139e7f12c2e5cac243778c3fe428c878aaf690e64cf650e0be14915eee1e
The SolarWinds Information Service (SWIS) is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command execution as NT AUTHORITY\SYSTEM.
fbc6c5c5be944eb52ce167a061f21875f137dc6101b3184bad8a0d10c9afd154
Apple Security Advisory 2023-03-27-9 - Studio Display Firmware Update 16.4 addresses a code execution vulnerability.
657cab4136729775a3c8939a9b4f446a9226251ec4c278ca9dc08d87bc886934
Red Hat Security Advisory 2023-1486-01 - Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB, and OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, code execution, and denial of service vulnerabilities.
34681b3994f7696e63749c33f2b4943d1f3991726eb9aa72976cb927c1014ab6
rukovoditel version 3.2.1 suffers from a cross site scripting vulnerability.
898fcd6c42cf09cbd7ec5b6dc7da4c9a70126592c5acdb55261bfd7df9acfbaf
iBooking version 1.0.8 suffers from a remote shell upload vulnerability.
1d1a7039b4955d7dc4e5a704e51e320587047865279cc2297bb299611ef05245
Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.
ccbdea74072f5f91ca8ea4c3158780053cb6f9d1362b1546944f6471f738d613
Apple Security Advisory 2023-03-27-8 - Safari 16.4 addresses bypass vulnerabilities.
595dddff94c26025f6dd6b1051bf71d1e83c8332b4e3ba7dc292a7e139562d86
ReQlogic version 11.3 suffers from a cross site scripting vulnerability.
5227ba88f59a5d4cccd1b7cd664927cd29c2794c9b0bb18836fe0f6ab3662551
This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System (BMS) applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called Console.jsp in the tools directory and gaining full system access. Successful exploitation results in root command execution using sudo as the user optergy.
33babb5810832b13a94e71c123fd7427e2dfe9cd4f92a96b062b362c7592affd
Hashicorp Consul version 1.0 suffers from a remote command execution vulnerability.
cf1a6442030a5c5f6fd07b5a99052472a0dae35ed2b518c1ce2625d5f2fdf42b
Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
b6879bb072dc3bcaf057025d49c0a283fb7726fa16d8a7f521acfcb3b1d18dd1
Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
e42f83fe6b5a103a0898eab7c9362686f11ad4ddf7d70f2e5929f0e69061f91c
Moodle LMS version 4.0 suffers from a cross site scripting vulnerability.
e7721c0aa0560a87ed3a181e9975e3a660308037ece1716c759931eaf08ced82
Ubuntu Security Notice 5977-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
99af519443a922498b72c03944c7ecee25171c7b6bce683a3cee5430e6cbb4b7
Tunnel Interface Driver suffers from a denial of service vulnerability.
f7f2b8b68d017bf58a7d55306d242543aa84752d90337934f157a2539d4cadd4
Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
d3cdaa1e0b2cb20a97257137b5dcffd5cb406a1e65cc4b68176609f11f239ba7
OPSWAT Metadefender Core version 4.21.1 suffers from a privilege escalation vulnerability.
67ed76b4c862c969209c71ff4568ff584d8233722adbde52ad8523f8fddff6cd
Label Studio versions 1.5.0 and below suffer from a server-side request forgery vulnerability.
71c7c7e58dfd4fd19b14de8fbc71ae94220ca39129c624221250b9a297da7930
Ubuntu Security Notice 5976-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
a6dd79b8c521b85e0e1a1074affe7a355a0374b601afa3bdb39197d6af2e1843
X-Skipper-Proxy version 0.13.237 suffers from a server-side request forgery vulnerability.
876aed8ac1af7db0f1e7042dc3e6263dc7ae9ca1429d89517aef860913ece9e7
Subrion CMS version 4.2.1 suffers from a persistent cross site scripting vulnerability.
2522ffebb3f430ee0af9c8551dc7b1c7ccd8d38777900a80d1fb438938e478fa
Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
739ebbc2aa08de0dd5a0e2a5bb4889f44cdd6fdabb272260bc18eca98e3250b8