USN-6673-1 provided a security update for python-cryptography.
This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Hubert Kario discovered that python-cryptography incorrectly handled
errors returned by the OpenSSL API when processing incorrect padding in
RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose
confidential or sensitive information. (CVE-2023-50782)
Roku users are revolting after their TVs are bricked by the company, we learn how to make money through conspiracy videos on TikTok, and just how much is your car snooping on your driving?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dave Bittner from “The Cyberwire” podcast.
Two vulnerabilities were discovered in Open vSwitch, a software-based
Ethernet virtual switch, which could result in a bypass of OpenFlow
rules or denial of service.
xen-4.18.0-7.fc40
x86: Register File Data Sampling [XSA-452, CVE-2023-28746]
GhostRace: Speculative Race Conditions [XSA-453, CVE-2024-2193]
x86: shadow stack vs exceptions from emulation stubs – [XSA-451,
CVE-2023-46841] (#2266326)
USN-6587-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the RRChangeOutputProperty and
RRChangeProviderProperty APIs. An attacker could possibly use this issue to
cause the X Server to crash, or obtain sensitive information.
(CVE-2023-6478)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)
Olivier Fourdan discovered that the X.Org X Server incorrectly handled
the curser code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)
Posted by j0ck1ng@tempr.email on Mar 13
#!/usr/bin/env python3# Exploit Title: MetaFox Remote Shell Upload# Google Dork: “Social network for niche
communities”# Exploit Author: The Joker# Vendor Homepage: https://www.phpfox.com# Version: <= 5.1.8import jsonimport
requestsimport sysif len(sys.argv) != 4: sys.exit(“Usage: %s ” % sys.argv[0])
requests.packages.urllib3.disable_warnings()endpoint = sys.argv[1] + “/api/v1/user/login”response =…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 13
SEC Consult Vulnerability Lab Security Advisory < 20240307-0 >
=======================================================================
title: Local Privilege Escalation via writable files
product: Checkmk Agent
vulnerable version: 2.0.0, 2.1.0, 2.2.0
fixed version: 2.1.0p40, 2.2.0p23, 2.3.0b1, 2.4.0b1
CVE number: CVE-2024-0670
impact: high
homepage: https://checkmk.com…
Posted by Marco Ivaldi on Mar 13
Hi,
Please find attached a security advisory that describes multiple
vulnerabilities we discovered in RT-Thread RTOS.
* Title: Multiple vulnerabilities in RT-Thread RTOS
* OS: RT-Thread <= 5.0.2
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2024-03-05
* CVE IDs and advisory URLs:
* CVE-2024-24334 – https://github.com/RT-Thread/rt-thread/issues/8282
* CVE-2024-24335 -…
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-12-2024-1 GarageBand 10.4.11
GarageBand 10.4.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214090.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
GarageBand
Available for: macOS Ventura and macOS Sonoma
Impact: Processing a maliciously crafted file may lead to…
Posted by Apple Product Security via Fulldisclosure on Mar 13
APPLE-SA-03-07-2024-7 visionOS 1.1
visionOS 1.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214087.
Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Accessibility
Available for: Apple Vision Pro
Impact: An app may be able to spoof system notifications and UI
Description: This…
