An authenticated command injection vulnerability exists in MyPRO versions 8.28.0 and below from mySCADA. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of NT AUTHORITY\SYSTEM.
6bdea3ad1391073febd62f0e884fbd6fc6fea49ac4cfd406e9d4238facc1c2ed
Ubuntu Security Notice 6926-1 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.
5946767f63c59a1b35d467132768a7ffe22b7db995b64fbe9e4a10be86c172d9
Ubuntu Security Notice 6925-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
fe1fba60e33b29ebcc0c686a7d7dd8e22db410b67deed3ea344841f408dec4d0
Blog Site version 1.0 suffers from a remote SQL injection vulnerability.
1782b046991f3607dfff6d31c96b4101dee037b31b0a50fae28cfec7b81e11d6
Debian Linux Security Advisory 5734-2 - The security update announced as DSA 5734-1 caused a regression on configurations using the Samba DLZ module. Updated packages are now available to correct this issue.
db85a04ceff1e9fa79d7b6291241e7bbb6413f70cdd9cbd1fe8fbaac121ca01e
QuickJob version 6.1 suffers from an ignored default credential vulnerability.
e6896d4cea9d5e1f38adf67e9cf29b00d07caf0ece1ebc4e316d431f13e72eca
Prison Management System version 1.0 suffers from an ignored default credential vulnerability.
81a9d01f3c8c94bb0000f4403731ff41830ed447ed13fdad39cbe7cc67884842
Ubuntu Security Notice 6924-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
fe53846e8c2cef290fe6f0e94666b098b0705e2d7d948fed1bfc7f874370ec5f
Ubuntu Security Notice 6921-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f21012d26bb2d7955b293ca300cc71afa2c6c54d91aeb2e68d7f99a4c54f7d37
Ubuntu Security Notice 6923-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f1478e6fbfb5ae574e77c100a2ce319395b280eba6b7976833ad785e429368d6
Telegram for Android suffers from a use-after-free vulnerability in Connection::onReceivedData.
b50977499b859adec9bc55d49621466231a4ab00aa44223747f9839cecd9995e
PowerVR has an issue where wrapping addition in _DevmemXReservationPageAddress() causes an MMU operation at the wrong address.
8cf4775aa2d6620274690594068ebd5446a26435ff99535d37ef3d64af38db87
PowerVR has integer overflows in DevmemXIntMapPages() and DevmemXIntUnmapPages(), exploitable as dangling GPU page table entries.
607faad30ec56959223ff39f5065ae4bc346c6c969c93404b728ab4ed243fc1a
PowerVR PMR allows physical memory to be freed before GPU TLB invalidation.
48938b3e44dc2ae24749118301fe7c8b943bd6b5bb5f57034378aa0f41845d6f
Ubuntu Security Notice 6922-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Chenyuan Yang discovered that the Unsorted Block Images flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service.
d8199e3a6b66aed553595f80a8e85c290a603353bb2760a7684a887ba27e7328
Ubuntu Security Notice 6920-1 - It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An authenticated user could use this issue to potentially escalate their privileges via local access. It was discovered that EDK II had an insufficient memory write check in the SMM service, which could lead to a page fault occurring. An authenticated user could use this issue to potentially escalate their privileges, disclose information and/or create a denial of service via local access.
b0c58ba1819156bcb07af298c55e7923ac32736a17201de136f2c76adc18526e
Ubuntu Security Notice 6916-1 - It was discovered that Lua did not properly generate code when "_ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary untrusted Lua code. It was discovered that Lua did not properly handle C stack overflows during error handling. An attacker could possibly use this issue to cause a denial of service.
8dc2309f1f3abdff4ffe7a3ffa5c9734cee36847320ff747f561fae81cabb4ad
Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.
59f44c9b7f06be4efb67d80c7c07d536ce29ef1457664c97c77dea0949148078
Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.
30a6b1cbf6e4c838b1c70e5f65c51d228a564e5d1e6f1bc286e2c364b4ee5cda
Ubuntu Security Notice 6918-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
947dc6ce3cec3cdfef479e2eb5fb7d19c77151dd763924f5af72f2e51a47fe3b
Ubuntu Security Notice 6919-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
fa62a455fd5fec5f2b84e0a201be2706aede67f259d7f0118ea8b7534bc3d5ac
Ubuntu Security Notice 6917-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
251746e4365add72c09071f34c8d71ce2bf736d76955b282b86efbf8b71bd9f6
Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.
69cf2bb9bb7d7ff376d99fe228145e43a3757fab2416d6aff6f75b372ddf2d3a
Red Hat Security Advisory 2024-4902-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include double free and null pointer vulnerabilities.
794b6b25a9bd88032a7517feef2d5094739be4addb8f6e1430313c7c6f00b446
Red Hat Security Advisory 2024-4896-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a traversal vulnerability.
460b7453d0b911b2859c2415fee168effe4fd6ccb286a5956ec85070f4b769fc