Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
0693c2ce363baaef7b371443418fb29623edc052f8d82f02eea207672f271e4b
The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management. When the feature is enabled, it does not require authentication by default and runs as the root user. This gives an unauthenticated attacker complete access to the file system.
4e458aef9f797d0714e86e3cbbbe7fdd8225fa1b68b23cd60a66a992d28a4eb5
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.
8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630
Artica Proxy versions 4.40 and 4.50 suffer from a local file inclusion protection bypass vulnerability that allows for path traversal.
ee5d3d2cce629647f1cc48769c74910aca7883ad99b79b7b1c766a0e28a65ddf
Ubuntu Security Notice 6679-1 - It was discovered that FRR incorrectly handled certain malformed OSPF LSA packets. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.
3efcd48e104a143fe730fd8974e6c97f3e55c468d9f86582780097369d74b591
Ubuntu Security Notice 6676-1 - Vojtěch Vobr discovered that c-ares incorrectly handled user input from local configuration files. An attacker could possibly use this issue to cause a denial of service via application crash.
dbe62c177736e67d0f34559bcd12eaefa58499419a3ef18ef50db23f6bb5ade7
Ubuntu Security Notice 6649-2 - USN-6649-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service. Johan Carlsson discovered that Firefox incorrectly handled Set-Cookie response headers in multipart HTTP responses. An attacker could potentially exploit this issue to inject arbitrary cookie values. Gary Kwong discovered that Firefox incorrectly generated codes on 32-bit ARM devices, which could lead to unexpected numeric conversions or undefined behaviour. An attacker could possibly use this issue to cause a denial of service. Ronald Crane discovered that Firefox did not properly manage memory when accessing the built-in profiler. An attacker could potentially exploit this issue to cause a denial of service.
57493f4eb5405080e87d75b58868c8d0c8ea4844948fc6ac9afc75823a5e7a6f
Ubuntu Security Notice 6678-1 - It was discovered that libgit2 mishandled equivalent filenames on NTFS partitions. If a user or automated system were tricked into cloning a specially crafted repository, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libgit2 did not perform certificate checking by default. An attacker could possibly use this issue to perform a machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
7b3086cc98d56d838c607776e3a17b3c2150866662ba214c0dc65ab02e4712cb
Ubuntu Security Notice 6677-1 - It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
e5b123a14132e2de2966b2dd309e46adfd9dcc9597f183fc3ef618a6d4a7dcb7
Red Hat Security Advisory 2024-1188-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution, denial of service, memory leak, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f149b4e2e5b84c510b0c155de2d3290d8c9826d0679ef81dccc32677afb3f3aa
Red Hat Security Advisory 2024-1184-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
ad1ee345710e0e3ea9c4caee996df8040b5dd4f88e74182f747cdd04e46715b1
Red Hat Security Advisory 2024-1155-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
23d1bea8da267bfe3bc89ca123382f1c39ae2bd0ea7f14b35386ce99ff37e47b
Red Hat Security Advisory 2024-1154-03 - An update for libfastjson is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow and out of bounds write vulnerabilities.
2413847e67634013cdba3c241f650cac94e1132673a065c1f3d0d3f5b6285e17
Red Hat Security Advisory 2024-1153-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
8a9dab6dcb9dac238e73892aee925d081d09109fcb76fb12ee375e9f2f2b5374
Red Hat Security Advisory 2024-1152-03 - An update for frr is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include an out of bounds read vulnerability.
27c2d640abc5974df3aa82d9face327f2a25b5856e4db125d44263c9990b6088
Red Hat Security Advisory 2024-1150-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.
3b380d599f1e214465c02c27a990fbb02861e6c1f243873037b7a30d987161db
Red Hat Security Advisory 2024-1149-03 - An update for skopeo is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
525387cfb707a737f6df33baa347a2ed18323b86081446653b13dc85bb5620ca
Red Hat Security Advisory 2024-1147-03 - An update for rear is now available for Red Hat Enterprise Linux 9.
a1cd84e4d8783e595fc61534742738d82ef55551522f48ac7ab3a25fd696fd00
Red Hat Security Advisory 2024-1142-03 - An update for haproxy is now available for Red Hat Enterprise Linux 9.
434273256431b6b9e831c9835bcb2fba3864ee3f7558795df1229f26598ab968
Red Hat Security Advisory 2024-1141-03 - An update for mysql is now available for Red Hat Enterprise Linux 9.
3b8aba46791df095cab2743a4eddaa36c75383d877b17f82c8b0fe40a9d30a8c
Red Hat Security Advisory 2024-1139-03 - An update for keylime is now available for Red Hat Enterprise Linux 9.
fa35c06d9a9f91bb17064642bf3aa279c64078f6ebe03a1438ad2b0d3fda3091
Red Hat Security Advisory 2024-1134-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9. Issues addressed include an HTTP request smuggling vulnerability.
9a81153a104aad1e11caad5121684b4f2b581244c55931558e6c262084aa7073
Red Hat Security Advisory 2024-1131-03 - An update for golang is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
07317300f9ef35fff58ace3e538cfee5970f7fa9af1833f349ff98fe72f9bb02
Red Hat Security Advisory 2024-1130-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
81ece00c1a0fa3af166446b3fac05f48fad824008e773bbee6b4296a6a0afd61
Red Hat Security Advisory 2024-1129-03 - An update for curl is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.
f2c74eb6648115701a1cab86282a4e0339dc9ed69a0324caf51dd6902fa56d93