what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 56 RSS Feed

Files Date: 2023-11-22

Ubuntu Security Notice USN-6506-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6506-1 - David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and Choongin Lee discovered that the Apache HTTP Server incorrectly handled certain HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.04, and Ubuntu 23.10.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2023-31122, CVE-2023-43622, CVE-2023-45802
SHA-256 | 8a919d1a4d307c69872670d645ac6969f558a3c26282d75583807e9eb42825c5
Ubuntu Security Notice USN-6505-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6505-1 - It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-44487
SHA-256 | 03d107d2cf8ab399de40a112a24a0819d324fa4dda506f874f6f670d8e52d1fc
Ubuntu Security Notice USN-6504-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6504-1 - It was discovered that tracker-miners incorrectly handled sandboxing. If a second security issue was discovered in tracker-miners, an attacker could possibly use this issue in combination with it to escape the sandbox.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-5557
SHA-256 | 3b3d9faa327fabcfd7513e72be00f3390d2ce22460ac02fed2b03cf2e2ed14fd
Ubuntu Security Notice USN-6503-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6503-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-31085, CVE-2023-4244, CVE-2023-5090, CVE-2023-5345, CVE-2023-5633
SHA-256 | f49422348439f73d6b38b42749f79884cebe5eadebb4f303ea755ef60d55b31d
Ubuntu Security Notice USN-6502-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6502-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-25775, CVE-2023-31085, CVE-2023-45871, CVE-2023-5090, CVE-2023-5345
SHA-256 | 8b281c71f5499aa0d9babf8be280fa9bfb686118750a8a2f47909b213297ce1d
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
Posted Nov 22, 2023
Authored by Istvan Marton | Site wordfence.com

WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities.

tags | exploit, vulnerability, code execution, bypass, info disclosure
advisories | CVE-2023-2437, CVE-2023-2446, CVE-2023-2448, CVE-2023-2449, CVE-2023-6009
SHA-256 | bfb7306b803b1acac19078db2972f3aa4724b44e3c44892d41946574771b0eda
Ubuntu Security Notice USN-6501-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6501-1 - It was discovered that RabbitMQ incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2023-46118
SHA-256 | 2d3249c3745b8f65d72b1d274eb24d24152b2af6f363f93db9cc96d2f62e1dcb
Ubuntu Security Notice USN-6497-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6497-1 - Maxim Levitsky discovered that the KVM nested virtualization implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, tcp
systems | linux, ubuntu
advisories | CVE-2023-5090, CVE-2023-5178, CVE-2023-5717
SHA-256 | 1cc01b285543877683c581f44bf9007094b8fb6f7d0a6dae46f3076858904e22
Ubuntu Security Notice USN-6496-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6496-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-25775, CVE-2023-31085, CVE-2023-45871
SHA-256 | fdc60d8e003a09f361ff5ac07a415ab8ebfa403348d5e5c0f06215ad1ca095ce
Ubuntu Security Notice USN-6495-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6495-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-31085, CVE-2023-45871
SHA-256 | 0038b4a53931aed559aad4f7b7dc878297fdaf2901ec90a9d676eb3e2302139e
Ubuntu Security Notice USN-6494-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-31085, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-45862, CVE-2023-45871, CVE-2023-5717
SHA-256 | b8155c22b0aee7834c05ed29a1774d0847591054fd409c28e4a01741d747e025
Ubuntu Security Notice USN-6500-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6500-1 - Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2023-46724, CVE-2023-46728, CVE-2023-46846, CVE-2023-46847, CVE-2023-46848
SHA-256 | 89e080ec0dca666e58acac5a17ad942076e2d2723e487a8ff043ca16623f5d78
Ubuntu Security Notice USN-6499-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6499-1 - It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-5981
SHA-256 | c4318ffc70d40344c6cc24f5df5b0bd189dedc07477a6bdf29ded4cc378b8f3b
Ubuntu Security Notice USN-6498-1
Posted Nov 22, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6498-1 - It was discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-38406
SHA-256 | 8ffb58b4fdeecb594ce52be5a964442b10c2448f7272166e562fe6adb101bd85
Red Hat Security Advisory 2023-7438-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7438-01 - An update for python-gevent is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a privilege escalation vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2023-41419
SHA-256 | 7ebe1c475d5ccc7d07e64c9ca0f0bce420cd72bd757e8c878fd7af74d19eb8a2
Red Hat Security Advisory 2023-7436-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7436-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an out of bounds write vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-5367
SHA-256 | 4627ce7f95ad3d19e6dfee6f3c3b90ba7dc75c3c1fde62f8448cddd9d59b3130
Red Hat Security Advisory 2023-7435-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7435-01 - An update for fence-agents is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-37920
SHA-256 | 7f9bc46d37a2ac495edf8707f0e857b1be49c57ba74edecf3fd9ca26aeeffe44
Red Hat Security Advisory 2023-7434-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7434-01 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-1829
SHA-256 | e0fba6a08cab6238d94cd0a025c00582aadfb8a859979b55fd86c7e9368c8806
Red Hat Security Advisory 2023-7431-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7431-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-1829
SHA-256 | 5254d2f7a68346117fbef2d12d056430d6df8d2b748916611ccfa85c6128aca8
Red Hat Security Advisory 2023-7428-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7428-01 - An update for tigervnc is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-5367
SHA-256 | e1777058ed5bdd6393bb17d224962e7cd066901f0e5c3b9bd7c95653bc25c4d6
Red Hat Security Advisory 2023-7424-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7424-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-40982
SHA-256 | d5760bd84b7ee41a667637ddd0ff52382b41fed50c66b7b650fa41d3c651cf47
Red Hat Security Advisory 2023-7423-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7423-01 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-40982
SHA-256 | 8b144e8a2724365279a823f10c2e4b42859380077eb33857cc9ed90fa1c8e747
Red Hat Security Advisory 2023-7419-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7419-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3611
SHA-256 | 936fdf648883fbd8ebdc63aa8a8c2b8a636850d88046a3db4ad2063a7fadd385
Red Hat Security Advisory 2023-7418-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7418-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3609
SHA-256 | c2dc4159acf31b034b7ecd43a6adfc922a8e39d37b80c340d0836fcd2213c967
Red Hat Security Advisory 2023-7417-01
Posted Nov 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7417-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-1829
SHA-256 | b79e2f3138343f171cb37f04e56e61c94acb5fe89091bbd35686421d2cb63901
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close