Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
9657a689d1e137641b5539b1d18e172041c6d3cba27fdc722c254145353f09b5
Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.
d27b3448167b5f41fb5b2319186a2bc0ba48401c34db2d5404f8fbe2f1e1273a
SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.
e53b7e681658c99d38155029675c243627ca96d8d11916eba4a766fb4d6a4c69
SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.
a3c73b7d4acc8e32c7247c327692a33f62025c56af9edaa24b5dfff34103fc5a
SOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.
b3547a84c8cad40f1ad245d4773be05f04779afc966facea5aec1efac17e152d
Red Hat Security Advisory 2024-2679-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
39a91dbaa294030bbe404245ccf923197adb369925824c8a8d080f427edd7c83
Red Hat Security Advisory 2024-2674-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
387a4de992d918b220a4f6ff305085446c7cfea776b68215b98fd2a049419d5a
Red Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.
964d565d8c5778bee68062c997d805f52a05706ac5e0f82c92ff6ad5905fb116
Red Hat Security Advisory 2024-2068-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
71b5c8fde848288e0fe4749685a8526a45d9fec0dee13b6dc19ea863e590268a
Red Hat Security Advisory 2024-2054-03 - Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements.
885731c279c034233138d0157717dfc72dce63e515d854f40c1ff26a21746054
Red Hat Security Advisory 2024-2049-03 - Red Hat OpenShift Container Platform release 4.13.41 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
e36bf4a41b44256e651722af16afe94a1920c4d839352ee1d6b3a9fb3c230865
Debian Linux Security Advisory 5676-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
c8a90b6292a6c4c3420fce49648c7bda2ab98985db0fced3a1043d2b9fa2b7c6
Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Nan Wang discovered that Firefox did not properly manage memory during WASM garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
7c2c9d128db1252739be1d7a0b93beb403f7c031e510470fefa2f2f7a74db59d
htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
f7c13b91b7562803551ff2c81af4d91f8007cf734173bc191c1002abafa0fa8f
Red Hat Security Advisory 2024-2651-03 - An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
973632fb4064029537b1b304fc430a77ef240763c28c8135e263ded1f9abb3a5
Red Hat Security Advisory 2024-2645-03 - An update for podman is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
5b624408bbe646a1a11941932195d1ca4c0bec8298946108aaf85a425311ca13
This archive contains all of the 132 exploits added to Packet Storm in April, 2024.
1cc0043aef39f0e6a8dc458f9a6338f05cc6e2563d003810dff7bc61cb8fa7b7
Ubuntu Security Notice 6760-1 - George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
17978e436015209b652836f16189a4839bd9524fb9c7fa08f62a850a68c2395b
Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
9e5eb976874c7a13fcf2a71119849f5abece485528a92084501d9c7e0d3b4529
There is yet another attack possible against Protected Media Path process beyond the one involving two global XOR keys. The new attack may also result in the extraction of a plaintext content key value.
624d62ae93c4eb9ee488a2e78ae15c8b8b941fc79346a6f1e3994060ab88fc9b
Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.
60e4ec4738d6f6a64d63d565ba22b2f196e6175494953c8782b5d9edc6f07301
Red Hat Security Advisory 2024-2639-03 - The Migration Toolkit for Containers 1.7.15 is now available.
ed34d9644ec2e83ab816533bedba4ba49a737b46acbe9e9d8e0cb7afe744869e
Red Hat Security Advisory 2024-2633-03 - Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
940b15c8044510a12254364dbe29e1824b3b6700a4dad408cf8450439935f416
Red Hat Security Advisory 2024-2631-03 - An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog.
ef11441a494c5d52a040a51649fa9be626ab11ba5ed8d5d5e1d71bfbd6b4bd63
Red Hat Security Advisory 2024-2628-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
34a94982b76fcf3016ad9300e411ab551524f8a6c02eabf3f898b8ddead1ea42