Ubuntu Security Notice 6859-1 - It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.
bcfd1b7ff658bbf12659082b47acf8efddd6d98fb26b5263228f3aa943bdcaa6
Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.
5e87f7e6953882200bcca86b932c1100ae34b3674c68208e709aa0522427b2f9
Gentoo Linux Security Advisory 202407-8 - Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 26.3-r16:26 are affected.
21e015a898ac7f1d5a6eb054d0058e45054a588c3a6600d711b60ae099daae5a
Gentoo Linux Security Advisory 202407-7 - A vulnerability has been discovered in cpio, which can lead to arbitrary code execution. Versions greater than or equal to 2.13-r1 are affected.
e20c4abc5e7c436bdee6268fc5dfb6f62a3c64d05b62800a8a445c86432c78bc
This archive contains all of the 65 exploits added to Packet Storm in June, 2024.
6b8363c7550af80f944a838328e0d44ec8c298374dff3f3acb6c4e80bc9bbd1d
Qualys has discovered a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.
7826092019b763740fb3de1d429e43d078262e82a1ebe5f37c468e1d5ea080c4
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
Ubuntu Security Notice 6858-1 - It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
b4e4adc488d96044e90d1118bf391482740248127a9712daf429decebd0051df
Gentoo Linux Security Advisory 202407-6 - Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service. Versions greater than or equal to 42.0.4 are affected.
f8620483b3b729d77ad368cacfffca0d4fba7017da142ea0d7b075a566f1f717
Gentoo Linux Security Advisory 202407-5 - A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution. Versions greater than or equal to 2.5.2-r1 are affected.
78863cd9f2256e75b7be1dbcffe0eba58f8403147ba315de156c3b25ec386cb6
Simple Laboratory Management System version 1.0 suffers from a remote time-based SQL injection vulnerability.
a3e1c655f937eff9ebf2da2b353c83e263683a3967db2f21f5ca4143cdf81204
Ubuntu Security Notice 6855-1 - Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
00050c8509097ce19c76d6a92ba7dc869c0e9ef151f2531257842f3d54d03f9f
Gentoo Linux Security Advisory 202406-6 - Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution. Versions greater than or equal to 1.22.11-r1 are affected.
fec3a8343a74b9d1fe7699008262c7399508766a646b2c0ee811200f5afffa94
Azon Dominator Affiliate Marketing Script suffers from a remote SQL injection vulnerability.
948d6760bf02f4b346c3cc86879bf4dbca5d1715bf86d80951f180deacf66ada
Gentoo Linux Security Advisory 202407-2 - A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes. Versions greater than or equal to 2.20.0 are affected.
cf6c23c65466d430a6abe30ac22947508be6d87b0ad3ea87daef29078ade3161
Gentoo Linux Security Advisory 202407-4 - A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow. Versions greater than or equal to 0.42.2 are affected.
4ec34af770f05436d1f7cdeeb63d88663079e0b8ce91cfef93e1dbb733faafee
Gentoo Linux Security Advisory 202407-3 - A vulnerability has been discovered in Liferea, which can lead to remote code execution. Versions greater than or equal to 1.12.10 are affected.
0858d5d56d91223cf873493729d2d66ce9e88639f0d9056844858758a17a8500
WordPress WPCode Lite plugin version 2.1.14 suffers from a persistent cross site scripting vulnerability.
b4e70253a2817fd4483b22bb7e7430df1dd18f70e23ee27d6af251aa47eb7036
Xhibiter NFT Marketplace version 1.10.2 suffers from a remote SQL injection vulnerability.
8071d68714993661e6f4f9be97b52d4e71a2c9cc0cca03163d6917695cdef131
Gentoo Linux Security Advisory 202407-1 - A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code. Versions greater than or equal to 5.8.1 are affected.
d9a62b3cc5db7a1108e06a03409a472b97c45033a06411edc97792289abd2ee9
Customer Support System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of cross site scripting in this version is attributed to Ahmed Abba in November of 2020.
bd3b1262bfab66821d2e542deeae55703ce8c3dbcbfb3a2f3bb1adec4b3fdef0
Red Hat Security Advisory 2024-4200-03 - An update for libreswan is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
441574bf319a252c29e21aef373f968ee6e07ca682f6013cac33a5c6ba866179
Red Hat Security Advisory 2024-4197-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include an HTTP response splitting vulnerability.
1a7359f59ccc6b45c34232a7bc3ee29df4ae36cde45b99d999c97ca7cfb70d75
Red Hat Security Advisory 2024-4179-03 - An update for pki-core is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.
68df5f13f9d757b6ac04834bba0477fac1fd0af6d2271ba5e0b7b182fecbc66e
Red Hat Security Advisory 2024-3637-03 - Secondary Scheduler Operator for Red Hat OpenShift 1.3.0 for RHEL 9. Issues addressed include denial of service and memory exhaustion vulnerabilities.
0454ad660b602d86598c194b205ce6599bb51aa8c8c871058502305e6bcca078