Debian Linux Security Advisory 5749-1 - Chris Williams discovered a flaw in the handling of mounts for persistent directories in Flatpak, an application deployment framework for desktop apps. A malicious or compromised Flatpak app using persistent directories could take advantage of this flaw to access files outside of the sandbox.
49a4d77eea8ea35889feae10e2fadeec7696c09090cf0416837385589db5c828LG Simple Editor versions 3.21.0 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of NT AUTHORITY\SYSTEM.
1545a24bd538b0cf083c22f759cc58d69ea50fc039903cf220c2e8a20cefba46This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution.
713b618c2038aeb7f9469836947b05f8ccdf1cf0b8060c24f46869e85e9e93cdThis Metasploit module exploits CVE-2024-27348, a remote code execution vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve remote code execution through Gremlin, resulting in complete control over the server.
b97d3ebb5977b249d01dc6eda8963e68e3e2fb294c007a301ee0a7f467c4e02dUbuntu Security Notice 6961-1 - It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. It was discovered that BusyBox incorrectly managed memory when evaluating certain awk expressions. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS.
032e3b951d2c4a3d5616153f6ad7f551b1b064e6766e37c7e54cc6e5d999d625Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.
d67ab299e5ca05dad3da299a5ea73d60209372a5becd7f13b9a33c290338a4e6GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
9ca0ddaccce28a74fa18d738744190afb3b0daebef74e6ad686bf7bef99abd60Red Hat Security Advisory 2024-5418-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
c7d702e6f25f2c9be85e5d742c89a8b129957d7a6edb735119b0adcf87546676Red Hat Security Advisory 2024-5411-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
068e4971be0ae9f67e2e1098b8d7d7b931eec474ff5000fc99f1fd09a52b5db5Feberr version 13.4 suffers from an ignored default credential vulnerability.
2e393c441ce609493774dac1c3e5f681c5ce98d1b3702bb114041fdb03335768Red Hat Security Advisory 2024-5410-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
eb18e0ae04d57031458b02850dcf16f3d15d47b1f69b7c3e2bd0ce55d7adfc56Ubuntu Security Notice 6960-1 - Nick Browning discovered that RMagick incorrectly handled memory under certain operations. An attacker could possibly use this issue to cause a denial of service through memory exhaustion.
d8fb4e58635a7b08d39335638b93c2207f742867e7703c2b45154b56063f9b45Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.
2caf36ad25ddb5e5fcd4a26fd8ac2e62e0dee3d76fbd95e698130d2b8730632eRed Hat Security Advisory 2024-5406-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
ebc166c50f26fb0b417e894435c5b45a9476ead6a4e3b5918dbe1f7abdb30746Ecommerce version 1.15 suffers from an ignored default credential vulnerability.
58fa74be204710f788c9686f571d322e9e021b828a468d977d0fd4a321e926aaRed Hat Security Advisory 2024-5405-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.
663a4609326d571bebbb166ff0bf2010076f838204e7b0ccdd0d93918af8667bUbuntu Security Notice 6951-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
40333bcb6bfcef7ef0b04b1f7dd14dc7bd1927d82916fa3e2c056ec935a480ddCovid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.
daa17a59d2ea2f605f71d11b3ba6860a33f90c5ea08d666ce8a3af42e59af5faRed Hat Security Advisory 2024-5402-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include out of bounds read and use-after-free vulnerabilities.
87f6e5a9338154d5d05e5c0879da5ab7e24370cf7ca44814bc7c8a909cf40b4cRed Hat Security Advisory 2024-5396-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include out of bounds read and use-after-free vulnerabilities.
dfedab7cda430f6109fa56dadc489bc25762e6c1275dd075d77106e1bffded6fCar Rental Management System version 1.0 suffers from a cross site scripting vulnerability.
5fa10fefdc9cde30dce20a655fe24cebef24d4c036fcbee0b4bb1c708bc895edBloodBank version 1.1 suffers from an ignored default credential vulnerability.
e7484cc3dee661f45c55f97b4e23233108b80b1c4fe04adf3e05b62052052b97Red Hat Security Advisory 2024-5395-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include out of bounds read and use-after-free vulnerabilities.
46a7b8e3d0be756d884c46e1b9b7654fe5d640c70be8175dd7eeda94436f54deBhojon Restaurant Management System version 2.9 suffers from an ignored default credential vulnerability.
d6e06dde4900dda1d73c9d43d3fd7bdc675753e54128cdc173c7bd195c2bae96FlatPress version 1.3.1 suffers from a path traversal vulnerability.
93132facf1686cadc1ae8f70b92c43ad1314fd717d542ca0f3d2460a2af23e80
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed