Full Disclosure

null pointer deference in MiniZinc via a crafted Preferences.json file

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference existed in MiniZinc v.2.7.6 via a crafted Preferences.json file.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
MiniZinc

[Affected Product Code Base]
MiniZinc - 2.7.6

[Reference]
https://github.com/MiniZinc/libminizinc/issues/729

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46050 to this...

Full Disclosure

arithmetic exception in S-lang via the function tt_sprintf()

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
S-Lang v2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().

[VulnerabilityType Other]
FPE

[Vendor of Product]
S-Lang

[Affected Product Code Base]
S-Lang - 2.3.2

[Reference]
http://lists.jedsoft.org/lists/slang-users/2023/0000003.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45927 to this
vulnerability.

Full Disclosure

null pointer deference in gnome gtk via parse_settings() at xsettings-client.c

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
gnome gtk ac60bc60 was discovered to contain a segmentation violation via the function parse_settings() at
xsettings-client.c.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
gnome

[Affected Product Code Base]
gtk - ac60bc60

[Reference]
https://gitlab.gnome.org/GNOME/gtk/-/issues/5983

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name...

Full Disclosure

NULL pointer dereference in freedesktop Mesa via check_xshm()

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
freedesktop Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function check_xshm().

[Vulnerability Type]
NULL pointer dereference

[Vendor of Product]
freedesktop

[Affected Product Code Base]
Mesa - 23.0.4

[Reference]
https://gitlab.freedesktop.org/mesa/mesa/-/issues/9859

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45931 to...

Full Disclosure

null pointer deference in nano via read_the_list()

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
Nano v6.2 was discovered to contain a segmentation violation via the function read_the_list().

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
nano

[Affected Product Code Base]
nano - 6.2

[Reference]
https://savannah.gnu.org/bugs/index.php?64465

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45932 to this
vulnerability.

Full Disclosure

SEGV in S-Lang via fixup_tgetstr()

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
S-Lang v2.3.2 was discovered to contain a SEGV via the function fixup_tgetstr().

[VulnerabilityType Other]
SEGV

[Vendor of Product]
S-Lang

[Affected Product Code Base]
S-Lang - 2.3.2

[Reference]
http://lists.jedsoft.org/lists/slang-users/2023/0000002.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-45929 to this
vulnerability.

Full Disclosure

null pointer deference in gnome gtk via init_randr15() at gdkscreen-x11.c

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
gnome gtk f2a28891 was discovered to contain a segmentation violation via the function init_randr15() at
gdkscreen-x11.c.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
gnome

[Affected Product Code Base]
gtk - f2a28891

[Reference]
https://gitlab.gnome.org/GNOME/gtk/-/issues/5984

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name...

Full Disclosure

NULL pointer dereference in QT via the function QXcbConnection::initializeAllAtoms()

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
QT v6.2, v6.5, and v6.6 was discovered to contain a NULL pointer dereference via the function
QXcbConnection::initializeAllAtoms().

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
qt

[Affected Product Code Base]
qt - 6.6, 6.5, 6.2

[Reference]
https://bugreports.qt.io/browse/QTBUG-115599

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name...

Full Disclosure

Buffer Overflow in graphviz via via a crafted config6a file

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
Buffer Overflow vulnerability in graphviz v.2.43.0 allows a remote attacker to execute arbitrary code via a crafted
config6a file.

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
graphviz

[Affected Product Code Base]
graphviz - 2.43.0

[Reference]
https://gitlab.com/graphviz/graphviz/-/issues/2441

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name...

Full Disclosure

null pointer deference in MiniZinc via a crafted .mzn file

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
Null pointer deference happens in MiniZinc v.2.7.6 via a crafted .mzn file.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
MiniZinc

[Affected Product Code Base]
MiniZinc - 2.7.6

[Reference]
https://github.com/MiniZinc/libminizinc/issues/730

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46046 to this
vulnerability.

Full Disclosure

null pointer deference in Sane via a crafted config file

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference occurred in Sane v.1.2.1 via a crafted config file to the sanei_configure_attach() function.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
sane

[Affected Product Code Base]
sane - 1.2.1

[Reference]
https://gitlab.com/sane-project/backends/-/issues/708

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46047...

Full Disclosure

null pointer deference in tex-live

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference existed in tex-live v.944e257 via a crafted file to the texk/web2c/pdftexdir/tounicode.c
function.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
tex-live

[Affected Product Code Base]
tex-live - 944e257

[Reference]
https://tug.org/pipermail/tex-live/2023-August/049406.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned...

Full Disclosure

null pointer deference in tex-live via a crafted cmr10.pfb

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference occurred in tex-live 944e257 via a crafted cmr10.pfb config file.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
tex-live

[Affected Product Code Base]
tex-live - 944e257

[Reference]
https://tug.org/pipermail/tex-live/2023-August/049400.html

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46048 to this...

Full Disclosure

Buffer overflow in Sane

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A buffer overflow existed in Sane v.1.2.1 via a crafted config file to the init_options() function.

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
sane

[Affected Product Code Base]
sane - 1.2.1

[Reference]
https://gitlab.com/sane-project/backends/-/issues/709

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46052 to this
vulnerability.

Full Disclosure

null pointer deference in LLVM

Posted by Meng Ruijie on Jan 26

[Vulnerability description]
A null pointer deference existed in LLVM v.15.0.0 via a crafted pdflatex.fmt file.

[VulnerabilityType Other]
null pointer deference

[Vendor of Product]
llvm

[Affected Product Code Base]
llvm - LLVM-15

[Reference]
https://github.com/llvm/llvm-project/issues/67388

[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46049 to this
vulnerability.

Full Disclosure

Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2)

Posted by Georgi Guninski on Jan 18

Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2)

Tested on: firefox 121 and chrome 120 on GNU/linux

Date: Thu Jan 18 08:38:28 AM UTC 2024

This is barely a DoS, but since it might affect Chrome too we decided
to disclose it.

If firefox user visits a specially crafted page, then firefox
may create many files in `~/Downloads`,
The user is notified about this in a small dialog, but there is
no option to stop the...

Full Disclosure

Re: ODR violation in Redis Raft

Posted by Jeffrey Walton on Jan 18

I fail to see how a One Definition Rule (ODR) violation results in a
Remote Code Execution.

Can you share your PoC, please?

Jeff

Full Disclosure

Infinite loop leading to buffer overflow in TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. An infinite loop bug exists during the handling of a
ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed
ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all
resources) and a buffer over-read that can disclose sensitive...

Full Disclosure

Assertion failure in check_certificate_request() of TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. An assertion failure in check_certificate_request()
causes the server to exit unexpectedly (a denial of service).

[VulnerabilityType Other]
Improper Handling of exception conditions

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code Base]
contiki-ng tinydtls - master branch 53a0d97

[Affected Component]
the service of dtls...

Full Disclosure

Misues same epoch number within TCP lifetime in TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. DTLS servers allow remote attackers to reuse the
same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability
allows remote attackers to obtain sensitive application (data of connected clients).

[VulnerabilityType Other]
Improper Handling of exception conditions

[Vendor of Product]...

Full Disclosure

Buffer over-read in TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. Incorrect handling of over-large packets in
dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code Base]
contiki-ng tinydtls - master branch 53a0d97

[Affected Component]
the service of dtls servers...

Full Disclosure

Buffer over-read in dtls_sha256_update of TinyDTLS

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. A buffer over-read exists in the dtls_sha256_update
function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information
by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed
packets.

[Vulnerability Type]
Buffer Overflow

[Vendor of...

Full Disclosure

Legends of IdleOn - I Reject Your RNG And Substitute My Own

Posted by Soatok Dreamseeker on Jan 17

Hello Full Disclosure mailing list!

Legends of IdleOn is a popular free-to-play game on Android, iOS, Steam,
and Web. While playing around with it last year, I got curious and noticed
a trivial way to manipulate the random number generator.

After six months of radio silence from the developer, including asking the
Discord moderators for help getting the developer's attention, I've decided
to publish this publicly:...

Full Disclosure

ODR violation in Redis Raft

Posted by Meng Ruijie on Jan 17

[Suggested description]
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component
hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.

[VulnerabilityType Other]
AddressSanitizer: odr-violation

[Vendor of Product]
Redis

[Affected Product Code Base]
raft - master-1b8bd86 to master-7b46079

[Affected Component]
affected executable

[Attack Type]
Remote

[Impact Code execution]
true

[Impact...

Full Disclosure

Incorrect handshake in TinyDTLS

Posted by Meng Ruijie on Jan 17

About CVE-2021-42141:

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with
different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause
denial of service.

[VulnerabilityType Other]
Improper Handling of exception conditions

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code...

Full Disclosure

Mishandle epoch number in TinyDTLS servers

Posted by Meng Ruijie on Jan 17

About CVE-2021-42142:

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. DTLS servers mishandle the early use of a large
epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.

[VulnerabilityType Other]
Improper Handling of exception conditions

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code Base]...

Full Disclosure

Re: cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by Harry Sintonen via Fulldisclosure on Jan 14

Tar does set setuid bit, but tar is not vulnerable. This is not an attack.

The user is responsible for extracting the archives to secure location
and not letting other users access to insecure setuid binaries. See:

https://www.gnu.org/software/tar/manual/html_section/Security.html#Security-rules-of-thumb

These same security considerations also apply to cpio.

Full Disclosure

Backdoor.Win32 Carbanak (Anunak) / Named Pipe Null DACL

Posted by malvuln on Jan 14

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32 Carbanak (Anunak)
Vulnerability: Named Pipe Null DACL
Family: Carbanak
Type: PE32
MD5: b8e1e5b832e5947f41fd6ae6ef6d09a1
Vuln ID: MVID-2024-0667
Dropped files: AlhEXlUJ.exe, AlhEXlUJbVpfX1EMVw.bin
Disclosure: 01/09/2024...

Full Disclosure

Re: cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by Harry Sintonen via Fulldisclosure on Jan 14

So does for example tar. The same rules that apply to tar also apply to
cpio:

"Extract from an untrusted archive only into an otherwise-empty directory.
This directory and its parent should be accessible only to trusted users."

This is a user error, not a vulnerability in cpio.

Full Disclosure

CyberDanube Security Research 20240109-0 | Multiple Vulnerabilities in JetNet Series

Posted by Thomas Weber via Fulldisclosure on Jan 14

CyberDanube Security Research 20240109-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Korenix JetNet Series
vulnerable version| See "Vulnerable versions"
fixed version| -
CVE number| CVE-2023-5376, CVE-2023-5347
impact| High
homepage| https://www.korenix.com/
found|...

Full Disclosure

Re: cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by Georgi Guninski on Jan 14

Hi, thanks for the feedback :)

Which version of tar is vulnerable to this attack? I am pretty sure
this was fixed in tar and zip `long long` ago.

tar and zip on fedora 38 are definitely not vulnerable, they clear
the setuid bit.

I continue to suspect this is vulnerability because:
1. There is directory traversal protection for untrusted archives
2. tar and zip and not vulnerable

bash script for setuid files in tar:

#!/bin/bash

mkdir -p...

Full Disclosure

Re: cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by fulldisclosure on Jan 14

Am 08.01.24 um 10:25 schrieb Georgi Guninski:

It's not a vulnerability, as

a) cpio archives must archive that flag as cpio is part of RPM packages
and those
must be able to contain setuid flags. Otherwise, you would need to add
chmod u+s  cmds to any %POST
section. Breaking this, would invalidate so many existing packages =>
won't happen

note: initramfs makes use of cpio as well, but setuid is not needed
here, as it's...

Full Disclosure

Re: [SBA-ADV-20220120-01] MOKOSmart MKGW1 Gateway Improper Session Management

Posted by SBA - Advisory via Fulldisclosure on Jan 14

MITRE assigned CVE-2023-51059 for this issue.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6571-1

Ubuntu Security Notice 6571-1 - Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to login to the platform with an expired account and a valid password.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6038-2

Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6568-1

Ubuntu Security Notice 6568-1 - The ClamAV package was updated to a new upstream version to remain compatible with signature database downloads.

Advisory Files ≈ Packet Storm

OX App Suite 7.10.6 Access Control / Cross Site Scripting

OX App Suite version 7.10.6-rev51 suffers from an access control vulnerability. Version 7.10.6-rev34 suffers from multiple cross site scripting vulnerabilities.

Advisory Files ≈ Packet Storm

OX App Suite 7.10.6 XSS / Command Execution / LDAP Injection

OX App Suite version 7.10.6-rev50 suffers from remote code execution and LDAP injection vulnerabilities. Version 7.10.6-rev33 suffers from a cross site scripting vulnerability.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6569-1

Ubuntu Security Notice 6569-1 - it was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that libclamunrar incorrectly validated certain structures when extracting RAR archives. A remote attacker could possibly use this issue to execute arbitrary code.

Advisory Files ≈ Packet Storm

Microsoft SQL Server db_ddladmin Privilege Escalation

Microsoft SQL Server versions 2014 through 2022 suffers from a db_ddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0089-03

Red Hat Security Advisory 2024-0089-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6567-1

Ubuntu Security Notice 6567-1 - Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.

Full Disclosure

cpio privilege escalation vulnerability via setuid files in cpio archive

Posted by Georgi Guninski on Jan 08

cpio privilege escalation vulnerability via setuid files in cpio archive

Happy New Year, let in 2024 happiness be with you! :)

When extracting archives cpio (at least version 2.13) preserves
the setuid flag, which might lead to privilege escalation.

One example is r00t extracts to /tmp/ and scidiot runs /tmp/micq/backd00r
without further interaction from root.

We believe this is vulnerability, since directory traversal in cpio
is considered...

Full Disclosure

OXAS-ADV-2023-0006: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Jan 08

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference: MWB-2315
Type:...

Full Disclosure

OXAS-ADV-2023-0005: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Jan 08

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference: MWB-2261
Type:...

Full Disclosure

SSH-Snake: Automated SSH-Based Network Traversal

Posted by Joshua Rogers on Jan 08

SSH-Snake is a powerful tool designed to perform automatic network
traversal using SSH private keys discovered on systems, with the objective
of creating a comprehensive map of a network and its dependencies,
identifying to what extent a network can be compromised using SSH and SSH
private keys starting from a particular system.

SSH-Snake can automatically reveal the relationship between systems which
are connected via SSH, which would normally...

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-12

Gentoo Linux Security Advisory 202401-12 - Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks. Versions greater than or equal to 1.96.0 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-11

Gentoo Linux Security Advisory 202401-11 - Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.17 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-10

Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6499-2

Ubuntu Security Notice 6499-2 - USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-09

Gentoo Linux Security Advisory 202401-9 - Multiple vulnerabilities have been found in Eclipse Mosquitto which could result in denial of service. Versions greater than or equal to 2.0.17 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-08

Gentoo Linux Security Advisory 202401-8 - Multiple vulnerabilities have been discovered in util-linux which can lead to denial of service or information disclosure. Versions greater than or equal to 2.37.4 are affected.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0071-03

Red Hat Security Advisory 2024-0071-03 - An update for squid is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0072-03

Red Hat Security Advisory 2024-0072-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-07

Gentoo Linux Security Advisory 202401-7 - A vulnerability was found in R which could allow for remote code execution. Versions greater than or equal to 4.0.4 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-06

Gentoo Linux Security Advisory 202401-6 - A vulnerability has been found in CUPS filters where remote code execution is possible via the beh filter. Versions greater than or equal to 1.28.17-r2 are affected.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6549-4

Ubuntu Security Notice 6549-4 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202401-05

Gentoo Linux Security Advisory 202401-5 - A vulnerability has been found in RDoc which allows for command injection. Versions greater than or equal to 6.3.2 are affected.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5596-1

Debian Linux Security Advisory 5596-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.