This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the system. This vulnerability affects Gitea versions prior to 1.16.7.
dba6b158933e4ec6089f6364c6b953e84d8ade82305acdf446dc098ee940e1dd
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
dae047f399c5a47f087db5d3d9d9e8f11ae4985d14c928d71da1aff801802d55
Debian Linux Security Advisory 5283-1 - Several flaws were discovered in jackson-databind, a fast and powerful JSON library for Java.
3065027887bf5fa94d590057f95fc931a26aacb00941c3b82ff32ac74d124ef9
Debian Linux Security Advisory 5279-2 - Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable. This update corrects the problem.
389845c1cb18def69eba66246c35f85df9383c4619ea4cbb54983839e90b7fcb
Ubuntu Security Notice 5729-1 - It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service. Hsin-Wei Hung discovered that the BPF subsystem in the Linux kernel contained an out-of-bounds read vulnerability in the x86 JIT compiler. A local attacker could possibly use this to cause a denial of service or expose sensitive information.
2ed9de86da2c1e7cc0b4f8970c86b427aa7bf63dcea72f209cebdcce6cd60b19
Ubuntu Security Notice 5727-1 - It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service. It was discovered that the KVM implementation in the Linux kernel did not properly handle virtual CPUs without APICs in certain situations. A local attacker could possibly use this to cause a denial of service.
c5aeb552da277840f0734207a89d8b35a628cfa276057d8cc68659f6540b4287
Ubuntu Security Notice 5728-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d0a1c25c6eb1d9a7ff69a8217addefb3508ac783bad0f3c1762570c079322a29
Debian Linux Security Advisory 5282-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or bypass of the SameSite cookie policy.
91034eee5b8fb88c332be0918f4e842a60c55772e39e1a9a1d42dfd92d057459
Red Hat Security Advisory 2022-7435-01 - An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Issues addressed include a denial of service vulnerability.
520d007ced3b26af21d611f8692ea69ba171cc009a4ec3cfe8e04ac728449a31
Red Hat Security Advisory 2022-8502-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
a09ce5a2ec66eb964963b5ad5174d464e6f7ba66a1d30a99ea48599832f32351
Red Hat Security Advisory 2022-8506-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.
2d5699b272bf62135c49021ecfc5e70e3ef3e624c94ce2a33e3c23d5cd96ba6d