Debian Linux Security Advisory 5438-1 - A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.
36f72d3d649edb95df059fb18d510eb21ac8c037e62356c078f3a169cddb0f4c
Red Hat Security Advisory 2023-3614-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.4.
9c2f46c33295c1b0e7ecb18249a60f635ddabddc6a6d5b912f2e4088da5e5897
PHPJabbers Forum Script version 3.0 suffers from a persistent cross site scripting vulnerability.
f4e5ffeaf79c0daafb1b71a6644d88419b69e1fe0a50fcf7dc1b56f73028642a
PHPJabbers Forum Script version 3.0 suffers from a cross site scripting vulnerability.
7c7fa0e33bc0473aac31afaf92ccaa826276ae56d152f8c973b054659b1aed19
Red Hat Security Advisory 2023-3612-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.4. Issues addressed include a denial of service vulnerability.
ea9917b98cd5b9cbd392b57a3ac838f9c1a315a3707d8b46feb8cd1c85c208ee
Debian Linux Security Advisory 5435-2 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.
c1fcf596ee1cf44b8cea35182003229a26d8a8252f42c3fdec4a778bcd034ed3
This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can leverage an information leak to be able to upload a .NET deserialization payload.
b18ba528cf2f662442aa4037f5ec3d421c3b9cc9530694a34a9b358c25e66927
Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regard to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.
67ee7be668513048889aa6b43f011d07bf3cb753ec723bc38e4592358e37c481
PHPJabbers STIVA Blog Script version 4.1 suffers from a cross site scripting vulnerability.
7041d8c30f1fb64eafc1e8a95150416a4545cef4895c1bfcbaf4b5cd4888c47e
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
80569651d5cc8033bbdb7f6416fafc8f5509382decbdaab9937ba65ff11a16de
Ubuntu Security Notice 6188-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.
3e33127cafc3fd6f8d97bd093f3f532861cd023f096611f010ee2d37f3305390
Ubuntu Security Notice 6184-1 - It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or possibly obtain sensitive information.
d939dfb7a4a8b857fe788402db822e7c8cbd0336516fa86a5332922209c7838b
Advanced ASP Chat version 2.0 suffers from a database disclosure vulnerability.
d0759a6a21a6859cc658221b9d3c3eb88a0dccd988e1af4d2a9d075c3eedc50b
Adult Video Script version 3.0 suffers from local and remote file inclusion vulnerabilities.
e264208c1c42c41c7c3f960f862ab82fde6a4b9793769fd169535d090527b2ec
Adiscon LogAnalyzer version 4.1.5 suffers from a cross site scripting vulnerability.
879d0a184f8d10f47f9c9425e7e551ed507dbb61347b1b8e4f7f3148039accce
Ubuntu Security Notice 6187-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service.
89823737d37fd6db3070e194a86809b3c820df253fef685096a594196fd7d2d3
Red Hat Security Advisory 2023-3777-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.
eac49ab19a4977a5129c40dcb9ec56c063b8f1781e110306c05c06f444e44d60
PHPJabbers Knowledge Base Builder version 3.0 suffers from a cross site scripting vulnerability.
85e042ec2dbd0ef8f9cc0a10d3182794ac492c297c35c8619dbf85ec10b47e2b
Red Hat Security Advisory 2023-3776-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
d86c3835c48ca3d3ea0b220e1fa2588dff7a2ae26b121b5152184f72cd7a2421
Adapt Inventory Management System version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
5d82550b4d898820fc65d1b241fcdc0044ee4347681fb99564390a22ce0274e1
Active Newspaper version 2.0 suffers from an HTML injection vulnerability.
d7788acd25934e4f336dd671dc9fb07b6d931cf95efc7ba4b66d3b2cb52cd854
Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
852bc0984d64527371695ee9feac0d312b46b12c591411f7a5be5f0ffb1c93a2
Red Hat Security Advisory 2023-3780-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.
bddb6f1e11a6ba9c52be0f94ca826d2448c508019f60d2f892b5aa469b5fe32e
Smart Office Web version 20.28 suffers from information disclosure due to an insecure direct object reference vulnerability.
0e404965ef5239207c525c44d321cb98b5082332677616c1825d478aca12e3c8
Ubuntu Security Notice 6185-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.
be2e9478a6761c035541dad4eff6b7f5f36c9c99263510c8055de1ab00fac4e0