Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1013-03

Red Hat Security Advisory 2024-1013-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1019-03

Red Hat Security Advisory 2024-1019-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer, privilege escalation, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-1004-03

Red Hat Security Advisory 2024-1004-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0954-03

Red Hat Security Advisory 2024-0954-03 - The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0999-03

Red Hat Security Advisory 2024-0999-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0946-03

Red Hat Security Advisory 2024-0946-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0948-03

Red Hat Security Advisory 2024-0948-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0941-03

Red Hat Security Advisory 2024-0941-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0944-03

Red Hat Security Advisory 2024-0944-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0766-03

Red Hat Security Advisory 2024-0766-03 - Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0269-03

Red Hat Security Advisory 2024-0269-03 - An update for run-once-duration-override-container, run-once-duration-override-operator-bundle-container, and run-once-duration-override-operator-container is now available for RODOO-1.1-RHEL-9. Issues addressed include a denial of service vulnerability.

Exploit-DB Updates

[local] (shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]

Exploit-DB Updates

[webapps] Blood Bank v1.0 - Multiple SQL Injection

Blood Bank v1.0 - Multiple SQL Injection

Exploit-DB Updates

[webapps] WP Rocket < 2.10.3 - Local File Inclusion (LFI)

WP Rocket

Exploit-DB Updates

[local] Saflok - Key Derication Function Exploit

Saflok - Key Derication Function Exploit

Exploit-DB Updates

[webapps] WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection

Exploit-DB Updates

[webapps] WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202402-33

Gentoo Linux Security Advisory 202402-33 - A vulnerability has been found in PyYAML which can lead to arbitrary code execution. Versions greater than or equal to 5.4 are affected.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6661-1

Ubuntu Security Notice 6661-1 - Yi Yang discovered that the Hotspot component of OpenJDK 17 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 17 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6662-1

Ubuntu Security Notice 6662-1 - Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 21 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6305-2

Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6663-1

Ubuntu Security Notice 6663-1 - As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6657-1

Ubuntu Security Notice 6657-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq icorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6658-1

Ubuntu Security Notice 6658-1 - It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6659-1

Ubuntu Security Notice 6659-1 - It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6656-1

Ubuntu Security Notice 6656-1 - It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6660-1

Ubuntu Security Notice 6660-1 - Yi Yang discovered that the Hotspot component of OpenJDK 11 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 11 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0990-03

Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0992-03

Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0998-03

Red Hat Security Advisory 2024-0998-03 - Red Hat OpenShift distributed tracing 3.1.0.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0989-03

Red Hat Security Advisory 2024-0989-03 - Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images. Issues addressed include denial of service and traversal vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0980-03

Red Hat Security Advisory 2024-0980-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0981-03

Red Hat Security Advisory 2024-0981-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0982-03

Red Hat Security Advisory 2024-0982-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0983-03

Red Hat Security Advisory 2024-0983-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0984-03

Red Hat Security Advisory 2024-0984-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0988-03

Red Hat Security Advisory 2024-0988-03 - An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0979-03

Red Hat Security Advisory 2024-0979-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0977-03

Red Hat Security Advisory 2024-0977-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-0978-03

Red Hat Security Advisory 2024-0978-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.

Exploit-DB Updates

[remote] TEM Opera Plus FM Family Transmitter 35.45 - XSRF

TEM Opera Plus FM Family Transmitter 35.45 - XSRF

Exploit-DB Updates

[webapps] Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

Exploit-DB Updates

[remote] TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution

Exploit-DB Updates

[webapps] Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

Wordpress Plugin Canto

Exploit-DB Updates

[webapps] Moodle 4.3 - Reflected XSS

Moodle 4.3 - Reflected XSS

Exploit-DB Updates

[remote] Executables Created with perl2exe < V30.10C - Arbitrary Code Execution

Executables Created with perl2exe

Exploit-DB Updates

[webapps] Zoo Management System 1.0 - Unauthenticated RCE

Zoo Management System 1.0 - Unauthenticated RCE

Exploit-DB Updates

[webapps] Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Exploit-DB Updates

[webapps] dawa-pharma 1.0-2022 - Multiple-SQLi

dawa-pharma 1.0-2022 - Multiple-SQLi

Exploit-DB Updates

[webapps] Moodle 4.3 - Insecure Direct Object Reference

Moodle 4.3 - Insecure Direct Object Reference

Exploit-DB Updates

[webapps] Automatic-Systems SOC FL9600 FastLine - Directory Transversal

Automatic-Systems SOC FL9600 FastLine - Directory Transversal

Exploit-DB Updates

[webapps] SuperStoreFinder - Multiple Vulnerabilities

SuperStoreFinder - Multiple Vulnerabilities

Exploit-DB Updates

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'

Wyrestorm Apollo VX20

Exploit-DB Updates

[webapps] Online Shopping System Advanced - Sql Injection

Online Shopping System Advanced - Sql Injection

Exploit-DB Updates

[webapps] comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset

comments-like-dislike

Exploit-DB Updates

[remote] IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft

Exploit-DB Updates

[dos] Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'

Wyrestorm Apollo VX20

Exploit-DB Updates

[remote] Flashcard Quiz App v1.0 - 'card' SQL Injection

Flashcard Quiz App v1.0 - 'card' SQL Injection

Exploit-DB Updates

[remote] Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration

Wyrestorm Apollo VX20

Exploit-DB Updates

[webapps] taskhub 2.8.7 - SQL Injection

taskhub 2.8.7 - SQL Injection