Red Hat Security Advisory 2024-1013-03

Red Hat Security Advisory 2024-1013-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

February 28^th 2024 at 15:54

Red Hat Security Advisory 2024-1019-03

Red Hat Security Advisory 2024-1019-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer, privilege escalation, and use-after-free vulnerabilities.

February 28^th 2024 at 15:54

Red Hat Security Advisory 2024-1004-03

Red Hat Security Advisory 2024-1004-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

February 28^th 2024 at 15:53

Red Hat Security Advisory 2024-0954-03

Red Hat Security Advisory 2024-0954-03 - The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

February 28^th 2024 at 15:53

Red Hat Security Advisory 2024-0999-03

Red Hat Security Advisory 2024-0999-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

February 28^th 2024 at 15:53

Red Hat Security Advisory 2024-0946-03

Red Hat Security Advisory 2024-0946-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.

February 28^th 2024 at 15:51

Red Hat Security Advisory 2024-0948-03

Red Hat Security Advisory 2024-0948-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.

February 28^th 2024 at 15:51

Red Hat Security Advisory 2024-0941-03

Red Hat Security Advisory 2024-0941-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements.

February 28^th 2024 at 15:47

Red Hat Security Advisory 2024-0944-03

Red Hat Security Advisory 2024-0944-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.

February 28^th 2024 at 15:47

Red Hat Security Advisory 2024-0766-03

Red Hat Security Advisory 2024-0766-03 - Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

February 28^th 2024 at 15:45

Red Hat Security Advisory 2024-0269-03

Red Hat Security Advisory 2024-0269-03 - An update for run-once-duration-override-container, run-once-duration-override-operator-bundle-container, and run-once-duration-override-operator-container is now available for RODOO-1.1-RHEL-9. Issues addressed include a denial of service vulnerability.

February 28^th 2024 at 15:45

Exploit-DB Updates
[local] (shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]
February 28^th 2024 at 00:00

[local] (shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

February 28^th 2024 at 00:00

Exploit-DB Updates
[webapps] Blood Bank v1.0 - Multiple SQL Injection
February 28^th 2024 at 00:00

[webapps] Blood Bank v1.0 - Multiple SQL Injection

Blood Bank v1.0 - Multiple SQL Injection

February 28^th 2024 at 00:00

Exploit-DB Updates
[webapps] WP Rocket < 2.10.3 - Local File Inclusion (LFI)
February 28^th 2024 at 00:00

[webapps] WP Rocket < 2.10.3 - Local File Inclusion (LFI)

WP Rocket

February 28^th 2024 at 00:00

Exploit-DB Updates
[local] Saflok - Key Derication Function Exploit
February 28^th 2024 at 00:00

[local] Saflok - Key Derication Function Exploit

Saflok - Key Derication Function Exploit

February 28^th 2024 at 00:00

Exploit-DB Updates
[webapps] WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
February 28^th 2024 at 00:00

[webapps] WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

February 28^th 2024 at 00:00

Exploit-DB Updates
[webapps] WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)
February 28^th 2024 at 00:00

[webapps] WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

February 28^th 2024 at 00:00

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202402-33
February 27^th 2024 at 15:16

Gentoo Linux Security Advisory 202402-33

Gentoo Linux Security Advisory 202402-33 - A vulnerability has been found in PyYAML which can lead to arbitrary code execution. Versions greater than or equal to 5.4 are affected.

February 27^th 2024 at 15:16

Ubuntu Security Notice USN-6661-1

Ubuntu Security Notice 6661-1 - Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 17 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

February 27^th 2024 at 15:15

Ubuntu Security Notice USN-6662-1

Ubuntu Security Notice 6662-1 - Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 21 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

February 27^th 2024 at 15:15

Ubuntu Security Notice USN-6305-2

Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

February 27^th 2024 at 15:15

Ubuntu Security Notice USN-6663-1

Ubuntu Security Notice 6663-1 - As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks.

February 27^th 2024 at 15:15

Ubuntu Security Notice USN-6657-1

Ubuntu Security Notice 6657-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service.

February 27^th 2024 at 15:10

Ubuntu Security Notice USN-6658-1

Ubuntu Security Notice 6658-1 - It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

February 27^th 2024 at 15:10

Ubuntu Security Notice USN-6659-1

Ubuntu Security Notice 6659-1 - It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

February 27^th 2024 at 15:10

Ubuntu Security Notice USN-6656-1

Ubuntu Security Notice 6656-1 - It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

February 27^th 2024 at 15:10

Ubuntu Security Notice USN-6660-1

Ubuntu Security Notice 6660-1 - Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 11 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

February 27^th 2024 at 15:10

Red Hat Security Advisory 2024-0990-03

Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.

February 27^th 2024 at 14:59

Red Hat Security Advisory 2024-0992-03

Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

February 27^th 2024 at 14:59

Red Hat Security Advisory 2024-0998-03

Red Hat Security Advisory 2024-0998-03 - Red Hat OpenShift distributed tracing 3.1.0.

February 27^th 2024 at 14:59

Red Hat Security Advisory 2024-0989-03

Red Hat Security Advisory 2024-0989-03 - Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images. Issues addressed include denial of service and traversal vulnerabilities.

February 27^th 2024 at 14:58

Red Hat Security Advisory 2024-0980-03

Red Hat Security Advisory 2024-0980-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

February 27^th 2024 at 14:58

Red Hat Security Advisory 2024-0981-03

Red Hat Security Advisory 2024-0981-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

February 27^th 2024 at 14:58

Red Hat Security Advisory 2024-0982-03

Red Hat Security Advisory 2024-0982-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

February 27^th 2024 at 14:58

Red Hat Security Advisory 2024-0983-03

Red Hat Security Advisory 2024-0983-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

February 27^th 2024 at 14:58

Red Hat Security Advisory 2024-0984-03

Red Hat Security Advisory 2024-0984-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.