USN-7001-1 fixed vulnerabilities in xmltol library. This update
provides the corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle certain function calls when a negative input
length was provided. An attacker could use this issue to cause a denial of
service or possibly execute arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle the potential for an integer overflow on 32-bit
platforms. An attacker could use this issue to cause a denial of service
or possibly execute arbitrary code. (CVE-2024-45491)
More Stories
USN-7023-1: Git vulnerabilities
Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue...
Stored XSS in “Edit Profile” – htmlyv2.9.9
Posted by Andrey Stoykov on Sep 18 # Exploit Title: Stored XSS in "Edit Profile" - htmlyv2.9.9 # Date: 9/2024...
Stored XSS in “Menu Editor” – htmlyv2.9.9
Posted by Andrey Stoykov on Sep 18 # Exploit Title: Stored XSS in "Menu Editor" - htmlyv2.9.9 # Date: 9/2024...
Backdoor.Win32.BlackAngel.13 / Unauthenticated Remote Command Execution
Posted by malvuln on Sep 18 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/d1523df44da5fd40df92602b8ded59c8.txt Contact:...
Backdoor.Win32.CCInvader.10 / Authentication Bypass
Posted by malvuln on Sep 18 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/cb86af8daa35f6977c80814ec6e40d63.txt Contact:...
Backdoor.Win32.Delf.yj / Information Disclosure
Posted by malvuln on Sep 18 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/f991c25f1f601cc8d14dca4737415238.txt Contact:...