Read Time:8 Second
FEDORA-2024-3cf9eb64ba
Packages in this update:
amavis-2.13.1-1.fc39
Update description:
Update to version 2.13.1
Fix CVE-2024-28054
Category Archives: Advisories
amavis-2.13.1-1.fc40
Read Time:8 Second
FEDORA-2024-8bbcae6af2
Packages in this update:
amavis-2.13.1-1.fc40
Update description:
Update to version 2.13.1
Fix CVE-2024-28054
USN-6695-1: TeX Live vulnerabilities
Read Time:48 Second
It was discovered that TeX Live incorrectly handled certain memory
operations in the embedded axodraw2 tool. An attacker could possibly use
this issue to cause TeX Live to crash, resulting in a denial of service.
This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604)
It was discovered that TeX Live allowed documents to make arbitrary
network requests. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could possibly use this issue
to exfiltrate sensitive information, or perform other network-related
attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-32668)
It was discovered that TeX Live incorrectly handled certain TrueType fonts.
If a user or automated system were tricked into opening a specially crafted
TrueType font, a remote attacker could use this issue to cause TeX Live to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2024-25262)
USN-6694-1: Expat vulnerabilities
Read Time:14 Second
It was discovered that Expat could be made to consume large amounts of
resources. If a user or automated system were tricked into processing
specially crafted input, an attacker could possibly use this issue to cause
a denial of service. (CVE-2023-52425, CVE-2024-28757)
USN-6673-2: python-cryptography vulnerability
Read Time:20 Second
USN-6673-1 provided a security update for python-cryptography.
This update provides the corresponding update for Ubuntu 16.04 LTS.
Original advisory details:
Hubert Kario discovered that python-cryptography incorrectly handled
errors returned by the OpenSSL API when processing incorrect padding in
RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose
confidential or sensitive information. (CVE-2023-50782)
DSA-5640-1 openvswitch – security update
Read Time:11 Second
Two vulnerabilities were discovered in Open vSwitch, a software-based
Ethernet virtual switch, which could result in a bypass of OpenFlow
rules or denial of service.
xen-4.18.0-7.fc40
Read Time:15 Second
FEDORA-2024-876e653a1c
Packages in this update:
xen-4.18.0-7.fc40
Update description:
x86: Register File Data Sampling [XSA-452, CVE-2023-28746]
GhostRace: Speculative Race Conditions [XSA-453, CVE-2024-2193]
x86: shadow stack vs exceptions from emulation stubs – [XSA-451,
CVE-2023-46841] (#2266326)
USN-6587-5: X.Org X Server vulnerabilities
Read Time:1 Minute, 33 Second
USN-6587-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the RRChangeOutputProperty and
RRChangeProviderProperty APIs. An attacker could possibly use this issue to
cause the X Server to crash, or obtain sensitive information.
(CVE-2023-6478)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An
attacker could possibly use this issue to cause the X Server to crash,
obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
reattaching to a different master device. An attacker could use this issue
to cause the X Server to crash, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
incorrectly labeled GLX PBuffers when used with SELinux. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service. (CVE-2024-0408)
Olivier Fourdan discovered that the X.Org X Server incorrectly handled
the curser code when used with SELinux. An attacker could use this issue to
cause the X Server to crash, leading to a denial of service.
(CVE-2024-0409)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
memory when processing the XISendDeviceHierarchyEvent API. An attacker
could possibly use this issue to cause the X Server to crash, or execute
arbitrary code. (CVE-2024-21885)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
devices being disabled. An attacker could possibly use this issue to cause
the X Server to crash, or execute arbitrary code. (CVE-2024-21886)
MetaFox Remote Shell Upload Exploit
Read Time:21 Second
Posted by j0ck1ng@tempr.email on Mar 13
#!/usr/bin/env python3# Exploit Title: MetaFox Remote Shell Upload# Google Dork: “Social network for niche
communities”# Exploit Author: The Joker# Vendor Homepage: https://www.phpfox.com# Version: <= 5.1.8import jsonimport
requestsimport sysif len(sys.argv) != 4: sys.exit(“Usage: %s ” % sys.argv[0])
requests.packages.urllib3.disable_warnings()endpoint = sys.argv[1] + “/api/v1/user/login”response =…
SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)
Read Time:21 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 13
SEC Consult Vulnerability Lab Security Advisory < 20240307-0 >
=======================================================================
title: Local Privilege Escalation via writable files
product: Checkmk Agent
vulnerable version: 2.0.0, 2.1.0, 2.2.0
fixed version: 2.1.0p40, 2.2.0p23, 2.3.0b1, 2.4.0b1
CVE number: CVE-2024-0670
impact: high
homepage: https://checkmk.com…