Ubuntu Security Notice 7015-4 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2023-27043 for python2.7 and python3.5 in Ubuntu 14.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
Debian Linux Security Advisory 5791-1 - Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution of arbitrary code when converting malformed HTML to a PDF document.
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter called by the yumSettings.php script.
Ubuntu Security Notice 7066-1 - Damien Schaeffer discovered that Thunderbird did not properly manage certain memory operations when processing content in the Animation timelines. An attacker could potentially exploit this issue to achieve arbitrary code execution.
Debian Linux Security Advisory 5790-1 - It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG, was susceptible to nesting-based mXSS.
Debian Linux Security Advisory 5789-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.
Ubuntu Security Notice 7063-1 - Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon leaked the Pro token to unprivileged users by passing the token as an argument in plaintext. An attacker could use this issue to gain unauthorized access to an Ubuntu Pro subscription.
The Vivo Fibra Askey RTF8225VW modem suffers from an input validation vulnerability that allows for full escalation to a functioning shell once logged in and using the restricted aspsh shell.
Ubuntu Security Notice 7065-1 - Damien Schaeffer discovered that Firefox did not properly manage memory in the content process when handling Animation timelines, leading to a use after free vulnerability. An attacker could possibly use this issue to achieve remote code execution.
WordPress File Manager Advanced Shortcode plugin version 2.3.2 suffers from a code injection vulnerability that allows for remote shell upload.
TOTOLINK version 9.x suffers from a remote command injection vulnerability.
MagnusBilling version 7.x suffers from a remote command injection vulnerability.
Bookstore Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Peel Shopping versions 2.x and below 3.1 suffer from cross site scripting and remote SQL injection vulnerabilities. These issues were already discovered and noted in 2012 by Cyber-Crystal, but this data provides more details.