Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6780-1

Ubuntu Security Notice 6780-1 - Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6781-1

Ubuntu Security Notice 6781-1 - Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated input from a file into a string-type "eval". An attacker could craft a malicious file to achieve arbitrary code execution.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6779-1

Ubuntu Security Notice 6779-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2945-03

Red Hat Security Advisory 2024-2945-03 - Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Issues addressed include bypass, cross site scripting, denial of service, and deserialization vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2944-03

Red Hat Security Advisory 2024-2944-03 - This is the multiarch release of the AMQ Broker 7.12.0 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Issues addressed include denial of service and deserialization vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2941-03

Red Hat Security Advisory 2024-2941-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2938-03

Red Hat Security Advisory 2024-2938-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2937-03

Red Hat Security Advisory 2024-2937-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2936-03

Red Hat Security Advisory 2024-2936-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2935-03

Red Hat Security Advisory 2024-2935-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2892-03

Red Hat Security Advisory 2024-2892-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2865-03

Red Hat Security Advisory 2024-2865-03 - Red Hat OpenShift Container Platform release 4.15.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Full Disclosure

asterisk release 20.8.1

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 20.8.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.8.1

## Change Log for Release asterisk-20.8.1

### Links:

- [Full ChangeLog](...

Full Disclosure

asterisk release 21.3.1

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 21.3.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.3.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.3.1

## Change Log for Release asterisk-21.3.1

### Links:

- [Full ChangeLog](...

Full Disclosure

asterisk release 18.23.1

Posted by Asterisk Development Team via Fulldisclosure on May 20

The Asterisk Development Team would like to announce security release
Asterisk 18.23.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.23.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 18.23.1

## Change Log for Release asterisk-18.23.1

### Links:

- [Full ChangeLog](...

Full Disclosure

CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting (XSS) in WebTop package

Posted by Andrea Intilangelo on May 20

CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting (XSS) in WebTop package

Use CVE-2024-34058.

Additional info:

NethServer is an Open Source operating system for the Linux enthusiast, designed for small offices and medium
enterprises. From their website: "It's simple, secure and flexible" and "ready to deliver your messages, to protect
your network with the built-in firewall, share your files and much more,...

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6777-2

Ubuntu Security Notice 6777-2 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6766-3

Ubuntu Security Notice 6766-3 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2913-03

Red Hat Security Advisory 2024-2913-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2912-03

Red Hat Security Advisory 2024-2912-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2911-03

Red Hat Security Advisory 2024-2911-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2910-03

Red Hat Security Advisory 2024-2910-03 - An update for nodejs is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP request smuggling, denial of service, and out of bounds read vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2907-03

Red Hat Security Advisory 2024-2907-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2906-03

Red Hat Security Advisory 2024-2906-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2905-03

Red Hat Security Advisory 2024-2905-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2904-03

Red Hat Security Advisory 2024-2904-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2903-03

Red Hat Security Advisory 2024-2903-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Exploit-DB Updates

[webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] Wordpress Theme XStore 9.3.8 - SQLi

Wordpress Theme XStore 9.3.8 - SQLi

Exploit-DB Updates

[webapps] Apache OFBiz 18.12.12 - Directory Traversal

Apache OFBiz 18.12.12 - Directory Traversal

Exploit-DB Updates

[webapps] Backdrop CMS 1.27.1 - Remote Command Execution (RCE)

Backdrop CMS 1.27.1 - Remote Command Execution (RCE)

Exploit-DB Updates

[webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE)

PopojiCMS 2.0.1 - Remote Command Execution (RCE)

Exploit-DB Updates

[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)

htmlLawed 1.2.5 - Remote Code Execution (RCE)

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6778-1

Ubuntu Security Notice 6778-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6777-1

Ubuntu Security Notice 6777-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6776-1

Ubuntu Security Notice 6776-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6775-1

Ubuntu Security Notice 6775-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6774-1

Ubuntu Security Notice 6774-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6773-1

Ubuntu Security Notice 6773-1 - It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use this to cause a dead-lock condition, resulting in a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2891-03

Red Hat Security Advisory 2024-2891-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2890-03

Red Hat Security Advisory 2024-2890-03 - An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2889-03

Red Hat Security Advisory 2024-2889-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an information leakage vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2888-03

Red Hat Security Advisory 2024-2888-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2887-03

Red Hat Security Advisory 2024-2887-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2886-03

Red Hat Security Advisory 2024-2886-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2885-03

Red Hat Security Advisory 2024-2885-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2884-03

Red Hat Security Advisory 2024-2884-03 - An update for Firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2883-03

Red Hat Security Advisory 2024-2883-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2882-03

Red Hat Security Advisory 2024-2882-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2881-03

Red Hat Security Advisory 2024-2881-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2834-03

Red Hat Security Advisory 2024-2834-03 - An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include a server-side request forgery vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2784-03

Red Hat Security Advisory 2024-2784-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2782-03

Red Hat Security Advisory 2024-2782-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2781-03

Red Hat Security Advisory 2024-2781-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5692-1

Debian Linux Security Advisory 5692-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5691-1

Debian Linux Security Advisory 5691-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5689-1

Debian Linux Security Advisory 5689-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4761 exists in the wild.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5690-1

Debian Linux Security Advisory 5690-1 - Amel Bouziane-Leblond discovered that LibreOffice's support for binding scripts to click events on graphics could result in unchecked script execution.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6766-2

Ubuntu Security Notice 6766-2 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2852-03

Red Hat Security Advisory 2024-2852-03 - An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include a server-side request forgery vulnerability.