ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may expose sensitive system details, aiding in further attacks. The issue lies in the listFiles() function of the persistenceManagerAjax.php script, which calls PHP's readdir() function without proper input validation of the directory POST parameter.
6fe5412f92cf9da09187b01562243fec9b9cf0b1251cbfd3a890fd1a773702c5
Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability.
bdf5f12114d9810353407e9bf2aa69dff68a900d64bc056a6fe658b1f27ea756
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
2b9e96572a7002c3e53b79683cf92f8172217e64c17ecaaf612eb68c2a7556ec
Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as JavaScript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary JavaScript code into the Go template.
366aa6bc269ca28c4b992ad13527bd77d7968a9ad5dcd84915ed51954acbe4c1
Ubuntu Security Notice 7022-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
abe3896117665188580a1dbccbf924257f2bb30260e8e6292a0ede48e9e053f6
Ubuntu Security Notice 7060-1 - It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
4da85379bce0bd996f69858bb941555e77ae2c4f4a4eeb00ea9f355b115bb3ed
Debian Linux Security Advisory 5787-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
f4228d9be2e94b5178c0ed22259a02e549ea50feae6bfd6228876d967a2f1977
Ubuntu Security Notice 7059-1 - Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root-owned files, leading to a privilege escalation attack.
a238ccdfc4dd16f55ee4565782ae895c255c561f32b8e490049e5e3041d303d0
Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to use-after-free conditions.
66f3d20525ff0676542d2ca32e25362978413e0665982d4a600608e52b0a2fcf
Red Hat Security Advisory 2024-7958-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
cf56dcaf4106898501c231eb5b6e2d40d23a617ee4a0cf0f16c80eeafe647fda
Red Hat Security Advisory 2024-7875-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and null pointer vulnerabilities.
bfb4f424d33f632351116317ccc496f237de754375206c1277443c5a6f1922b5
Red Hat Security Advisory 2024-7869-03 - An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and denial of service vulnerabilities.
0362279b75a2628874ca61c29a2f1b53c2f1041de5e5b0b0578f08131524462d
Red Hat Security Advisory 2024-7868-03 - An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and denial of service vulnerabilities.
76429578bbb0ceed040c04152fe294b3388c64cd241ad4b03527ed4fd5c21a46
Red Hat Security Advisory 2024-7867-03 - An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
e8ca91e87cbffbe6cef3f92b63caefa2394939c1abdc349c42edba3a6baf0cee
Red Hat Security Advisory 2024-7861-03 - An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include a code execution vulnerability.
e76013bfc832f63d8d448637cc58cb22ea429d3fae6f530c4cdb59d7133ddb37
Red Hat Security Advisory 2024-7856-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and denial of service vulnerabilities.
c2e8f5f911eac42ae59fdfa7e8258cb32a1d7091bbd6b7bc7dc3f63fc7800d10
Red Hat Security Advisory 2024-7854-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass and denial of service vulnerabilities.
95ca81691ca97832a0802a6c5e3b066045e2c06e140d254b8e177b9a701d809d
Red Hat Security Advisory 2024-7852-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
6f821c3ab8a8cfb7877610a0c982d1f114fb350a53d231d6688c12de4b495935
Red Hat Security Advisory 2024-7594-03 - Red Hat OpenShift Container Platform release 4.15.36 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and out of bounds write vulnerabilities.
0dfe4d19fbde52ed6143060e174763f2cd2e09cc8c746123999ba05fcdfc864d
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
54eebdb1cfdbe6aeb1f60e897c68c6b2921c36ce921350d45d21773256c99874