Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
b2e3ff03fa2be9058a9ffbedd12b0a670433bd16c8cc6c432ab48dabc2df1898
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
5674649cb5463b17483b4b4890dd1892b295b619eea8c1a2230452f2df7677c6
Chrome checks in ReduceJSLoadPropertyWithEnumeratedKey are not sufficient to prevent the engine from reading an out-of-bounds index from an enum cache.
d2720d577ee6196fb4e71365c0315fa67c9c9abb683aa559628add3042c1ecce
Chrome suffers from an issue with dangling FixedArray pointers in Torque that can lead to memory corruption.
1bf880f7ba1c3955eba8b9696b7db8f2836b2579a921f40d918c9f7f376eb6da
When deserializing an SkPath, there is some basic validation performed to ensure that the contents are consistent. This validation does not use safe integer types, or perform additional validation, so it's possible for a large path to overflow the point count, resulting in an unsafe SkPath object.
7e0793cb8767bd5e3e5ac3845bbfc7ec6d83d30f81733f1592b40df7805b3a2f
There is a race condition in edgetpu_pin_user_pages which is reachable from some unprivileged contexts, including the Camera app, or the Google Meet app.
f2c097f59fbb9a93bf14610f9faf8be4d99e83e00ca52f16c11b8af6ef496e22
Ubuntu Security Notice 6396-2 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.
70922139c6b034f316eb5edab38f72e40e1c058b73dbdd7a944c8bf477ad69b9
Ubuntu Security Notice 6419-1 - Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. A remote attacker could possibly use this issue to perform a cross-site scripting attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Esben Sparre Andreasen discovered that jQuery UI did not properly handle values from untrusted sources in the Datepicker widget. A remote attacker could possibly use this issue to perform a cross-site scripting attack and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
05388b73a403c354a99e6e89119bc4f5977a6dc6cffe23761717eab763f7e15d
Ubuntu Security Notice 6418-1 - It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 LTS. VÃt Å esták discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
efe81905e836b8c2f8ec1aa28b49b9d7d4e86625a9cac2b64a592023b82ead87
Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
064208411f350866ed68312f72f0c474f0a2ecea1dbbc546d9f0284e9cdd0f9b
Ubuntu Security Notice 6417-1 - It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.
c26238a5fdacf3ea9d3afd0da623a96b6fd205a4238fb6b5c63f66ebabb02fb1
Ubuntu Security Notice 6416-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
331f2ead28b7e52720b6f311fc3698392b6dd99793aaafc88fa16cf568162c17
Ubuntu Security Notice 6415-1 - Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory. Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code.
ac0576ea83c3691a31572b17759cf26008e0d00fe1b127688ad4fc8be0c5c1ec
Ubuntu Security Notice 6414-2 - USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
f10086f54f995b17b4c0765ad284f4a177e992a12092d7fc61d4ed48781a7141
Red Hat Security Advisory 2023-5446-01 - Release of Red Hat build of OptaPlanner 8.38.0 SP1. This release includes security fixes. Issues addressed include a bypass vulnerability.
53d098f168441f0611d96d6b72f382d80343ed03b08e2c001f78d65a86f0cf38
Debian Linux Security Advisory 5515-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
cd387add5ecac48e0ec28d632aaa0667202aefef4687f0629b6c55ff658c3240
Ubuntu Security Notice 6414-1 - Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
0d512e8d90b6f3b9cbd71c856ea71fe9bdebfeb0c5275142aa20c6a6072f5c3f
Ubuntu Security Notice 6413-1 - It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consumption. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks when processing debug sections with objdump, which could lead to an overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
85f3b8e66e6ca80cfad7a4b2fee86408e70eb04287c701f0932d49c7e4efa739
Ubuntu Security Notice 6412-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.
eef2bb4192be147f56bfdab3849d216add0a381c00e18c6ca3934a0f72c58c02
Red Hat Security Advisory 2023-5438-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
715a89fbdb178aa9352737ec608e1714c879a975897a5589e3ce302464f340de
Red Hat Security Advisory 2023-5426-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
3ed2e8b6e60bd86bf45ecb7063e1303618ab239fe54fef1762deaf1e7cd91dc9
Red Hat Security Advisory 2023-5430-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
e43c4243435fb2eb1f7e39e4f150404f89cfef5c6ffc7f9039b21b760e43552b
Red Hat Security Advisory 2023-5442-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
8ae212f8203286d8bd562c1b68bea127cf49e8e6953d776786190637a7155566
Red Hat Security Advisory 2023-5432-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
cfeb933422ebc25e4ba3bf335f4dec82d2fef8d62873682c46a61b0105dd00ce
Red Hat Security Advisory 2023-5435-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
b31cecd703d813be4d834c2d617bca16bfd9101a06380b207168e84e7c809a82