      Advisories

      • Ubuntu Security Notice USN-5841-1 Fri, 03 Feb 2023 14:45:42 GMT
        Ubuntu Security Notice 5841-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue was only fixed in Ubuntu 14.04 ESM. It was discovered that LibTIFF was incorrectly accessing a data structure when processing data with the tiffcrop tool, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
      • WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Thu, 02 Feb 2023 16:31:08 GMT
        On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference, cross site request forgery as well as cross site scripting in versions up to, and including, 2.0.2.
      • Ubuntu Security Notice USN-5840-1 Thu, 02 Feb 2023 16:23:00 GMT
        Ubuntu Security Notice 5840-1 - Two issues were discovered in Long Range ZIP (lrzip) where it incorrectly handled pointers. In both cases, if a user or an automated system were tricked into opening a specially crafted ZIP file, an attacker could possibly use the issue to cause a denial of service. The first issue affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS; the second only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
      • Ubuntu Security Notice USN-5839-2 Thu, 02 Feb 2023 16:22:18 GMT
        Ubuntu Security Notice 5839-2 - USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client.
      • Debian Security Advisory 5338-1 Thu, 02 Feb 2023 16:22:02 GMT
        Debian Linux Security Advisory 5338-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Cinder, the OpenStack block storage system, may result in information disclosure.
      • Debian Security Advisory 5337-1 Thu, 02 Feb 2023 16:21:47 GMT
        Debian Linux Security Advisory 5337-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute (codenamed Nova) may result in information disclosure.
      • Debian Security Advisory 5336-1 Thu, 02 Feb 2023 16:21:20 GMT
        Debian Linux Security Advisory 5336-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitizing in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure.
      • Debian Security Advisory 5335-1 Thu, 02 Feb 2023 16:21:07 GMT
        Debian Linux Security Advisory 5335-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
      • Ubuntu Security Notice USN-5838-1 Wed, 01 Feb 2023 17:51:07 GMT
        Ubuntu Security Notice 5838-1 - It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on an MNG file. If a user were tricked into opening a specially crafted MNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was also discovered that AdvanceCOMP did not properly manage memory while performing read operations on a ZIP file. If a user were tricked into opening a specially crafted ZIP file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.
      • Ubuntu Security Notice USN-5837-2 Wed, 01 Feb 2023 17:50:56 GMT
        Ubuntu Security Notice 5837-2 - USN-5837-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service.
      • Ubuntu Security Notice USN-5839-1 Wed, 01 Feb 2023 17:50:42 GMT
        Ubuntu Security Notice 5839-1 - It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly interpreted certain HTTP Requests. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
      • Ubuntu Security Notice USN-5837-1 Wed, 01 Feb 2023 17:50:13 GMT
        Ubuntu Security Notice 5837-1 - Nick Pope discovered that Django incorrectly handled certain Accept-Language headers. A remote attacker could possibly use this issue to cause Django to consume memory, leading to a denial of service.
      • Ubuntu Security Notice USN-4781-2 Wed, 01 Feb 2023 17:49:59 GMT
        Ubuntu Security Notice 4781-2 - USN-4781-1 fixed several vulnerabilities in Slurm. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM.
      • Ubuntu Security Notice USN-5836-1 Tue, 31 Jan 2023 17:26:57 GMT
        Ubuntu Security Notice 5836-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
      • Red Hat Security Advisory 2023-0553-01 Tue, 31 Jan 2023 17:26:38 GMT
        Red Hat Security Advisory 2023-0553-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
      • Red Hat Security Advisory 2023-0552-01 Tue, 31 Jan 2023 17:21:40 GMT
        Red Hat Security Advisory 2023-0552-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
      • Red Hat Security Advisory 2023-0554-01 Tue, 31 Jan 2023 17:19:24 GMT
        Red Hat Security Advisory 2023-0554-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
      • Hikvision Remote Code Execution / XSS / SQL Injection Tue, 31 Jan 2023 17:17:22 GMT
        Some Hikvision Hybrid SAN products are affected by multiple vulnerabilities, including reflected cross site scripting, Ruby code injection, and classic and blind SQL injection, several of which lead to remote code execution (command injection) and allow an adversary to execute arbitrary operating system commands. An adversary must be on the same network as the device to exploit these issues.
      • Red Hat Security Advisory 2023-0556-01 Tue, 31 Jan 2023 17:16:43 GMT
        Red Hat Security Advisory 2023-0556-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
      • Ubuntu Security Notice USN-5834-1 Tue, 31 Jan 2023 17:16:26 GMT
        Ubuntu Security Notice 5834-1 - It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
      • Ubuntu Security Notice USN-5835-3 Tue, 31 Jan 2023 17:14:14 GMT
        Ubuntu Security Notice 5835-3 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
      • Ubuntu Security Notice USN-5835-2 Tue, 31 Jan 2023 17:13:57 GMT
        Ubuntu Security Notice 5835-2 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
      • Ubuntu Security Notice USN-5835-1 Tue, 31 Jan 2023 17:13:42 GMT
        Ubuntu Security Notice 5835-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
      • Ubuntu Security Notice USN-5833-1 Tue, 31 Jan 2023 17:11:55 GMT
        Ubuntu Security Notice 5833-1 - Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header fields. An attacker could possibly use this issue to cause a denial of service.
      • Red Hat Security Advisory 2023-0450-01 Tue, 31 Jan 2023 17:11:43 GMT
        Red Hat Security Advisory 2023-0450-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
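The Django issue in USN-5837-1 and USN-5837-2 is a cache-growth problem: Django memoised the parsed form of each distinct Accept-Language value, so a client sending many distinct, very long headers could pin large amounts of memory in that cache. The fix caps the length of header that is parsed, and therefore cached. The Python below is an added example written for this page, not Django's own code: it implements a small LRU-cached parser, shows the unbounded and the bounded variant side by side, and simulates the flood so the retained bytes can be compared. The 500-byte limit mirrors the value the fixed Django uses; the header grammar, cache size, class and function names and flood parameters are this example's assumptions.

```python
import re
from collections import OrderedDict

# Maximum raw header length the fixed Django parses; longer values are cut at the
# last comma before this point, so the cache never holds attacker-sized keys.
ACCEPT_LANGUAGE_HEADER_MAX_LENGTH = 500

# One language range with an optional quality value: "en-AU;q=0.8", "*", "fr".
LANG_RE = re.compile(
    r"([A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*|\*)"
    r"(?:\s*;\s*q=(0(?:\.[0-9]{0,3})?|1(?:\.0{0,3})?))?"
)


def parse_uncached(header):
    """Parse an Accept-Language value into [(lang, q), ...], best quality first."""
    langs = []
    for piece in header.split(","):
        m = LANG_RE.fullmatch(piece.strip())
        if m is None:
            return []  # any malformed range invalidates the whole header
        q = float(m.group(2)) if m.group(2) else 1.0
        if q > 0:
            langs.append((m.group(1).lower(), q))
    langs.sort(key=lambda item: item[1], reverse=True)
    return langs


class AcceptLanguageParser:
    """LRU-cached parser; max_header_length=None reproduces the vulnerable behaviour."""

    def __init__(self, max_header_length=None, cache_size=1000):
        self.max_header_length = max_header_length
        self.cache_size = cache_size
        self._cache = OrderedDict()

    def _bound(self, header):
        limit = self.max_header_length
        if limit is None or len(header) <= limit:
            return header
        # Keep only complete ranges: cut at the last comma before the limit.
        index = header.rfind(",", 0, limit)
        return header[:index] if index > 0 else header[:limit]

    def parse(self, header):
        key = self._bound(header)  # the key is exactly what the cache retains
        if key in self._cache:
            self._cache.move_to_end(key)
            return self._cache[key]
        result = parse_uncached(key)
        self._cache[key] = result
        if len(self._cache) > self.cache_size:
            self._cache.popitem(last=False)  # evict the least recently used entry
        return result

    def retained_bytes(self):
        """Bytes of raw header text pinned in memory by the cache."""
        return sum(len(key) for key in self._cache)


def simulate_flood(parser, requests=100, header_bytes=100_000):
    """Send `requests` distinct, well-formed headers of about `header_bytes` each (constructed traffic)."""
    for i in range(requests):
        tag = "en-%07d" % i  # distinct per request, valid language-range syntax
        header = ", ".join([tag] * (header_bytes // (len(tag) + 2)))
        parser.parse(header)
    return parser.retained_bytes()


if __name__ == "__main__":
    print(parse_uncached("en-AU;q=0.8, fr, *;q=0.1"))
    vulnerable = AcceptLanguageParser()
    fixed = AcceptLanguageParser(max_header_length=ACCEPT_LANGUAGE_HEADER_MAX_LENGTH)
    print("unbounded cache retains", simulate_flood(vulnerable), "bytes")
    print("bounded cache retains", simulate_flood(fixed), "bytes")
```

With the defaults the unbounded parser keeps roughly 10 MB of header text alive after 100 requests, and with a cache of 1000 entries an attacker can push that to the full cache size times whatever header length the front end accepts; the bounded parser keeps under 50 KB for the same traffic because every key is cut to at most 500 bytes before it is stored. Cutting at the last comma rather than at a fixed byte keeps the surviving prefix syntactically valid, so legitimate long headers still parse.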
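Both Apache notices above (USN-5834-1 and USN-5839-1) describe the same failure class in mod_proxy_ajp: the proxy and the backend it forwards to disagree on where one request ends and the next begins, which is exactly what HTTP request smuggling exploits, and an invalid Transfer-Encoding value is one way to provoke that disagreement. The Python below is an added example written for this page, not Apache code: three deliberately different framing policies (Content-Length only, lenient Transfer-Encoding matching, and strict RFC 9112 rules) are applied to one constructed CL.TE byte stream, so you can see the two lenient readers carve it into different numbers of requests while the strict reader refuses it outright. The framer models, the sample bytes and the helper names (`split_requests`, `request_count`) are this example's own assumptions.

```python
import re

VALID_CODINGS = {"chunked", "gzip", "x-gzip", "deflate", "compress", "x-compress"}


class FramingError(ValueError):
    """Strict framer: message length is ambiguous or malformed (answer with 400)."""


def parse_head(buf):
    """Return (request_line, [(name, value), ...], body_offset) or None if the head is incomplete."""
    end = buf.find(b"\r\n\r\n")
    if end == -1:
        return None
    request_line, *lines = buf[:end].decode("ascii").split("\r\n")
    headers = [(n.strip().lower(), v.strip()) for n, _, v in (line.partition(":") for line in lines)]
    return request_line, headers, end + 4


def values(headers, name):
    return [v for k, v in headers if k == name]


def read_chunked(buf, pos):
    """Decode a chunked body at pos (no trailers). Returns (body, pos_after) or None if incomplete."""
    body = bytearray()
    while True:
        line_end = buf.find(b"\r\n", pos)
        if line_end == -1:
            return None
        size = int(buf[pos:line_end].split(b";")[0].strip().decode("ascii"), 16)
        pos = line_end + 2
        if size == 0:
            return (bytes(body), pos + 2) if buf[pos:pos + 2] == b"\r\n" else None
        if len(buf) < pos + size + 2:
            return None
        body += buf[pos:pos + size]
        pos += size + 2  # chunk data plus its trailing CRLF


def frame_content_length_only(headers):
    """Constructed model of a back end that ignores Transfer-Encoding and trusts Content-Length."""
    cl = values(headers, "content-length")
    return ("length", int(cl[0]) if cl else 0)


def frame_transfer_encoding_lenient(headers):
    """Constructed model of a front end that goes chunked whenever a TE value contains 'chunked'."""
    if any("chunked" in v.lower() for v in values(headers, "transfer-encoding")):
        return ("chunked", None)
    return frame_content_length_only(headers)


def frame_strict(headers):
    """RFC 9112 section 6 rules: refuse any message two parsers could delimit differently."""
    te, cl = values(headers, "transfer-encoding"), values(headers, "content-length")
    if te and cl:
        raise FramingError("Transfer-Encoding and Content-Length both present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        unknown = [c for c in codings if c not in VALID_CODINGS]
        if unknown:
            raise FramingError(f"unknown transfer coding(s) {unknown}")
        if codings[-1] != "chunked":
            raise FramingError("chunked must be the final transfer coding")
        return ("chunked", None)
    if cl and (len(set(cl)) != 1 or not re.fullmatch(r"[0-9]+", cl[0])):
        raise FramingError(f"invalid or conflicting Content-Length {cl}")
    return ("length", int(cl[0]) if cl else 0)


def split_requests(buf, framer):
    """Consume a pipelined byte stream the way `framer` would; returns [(request_line, body), ...]."""
    requests, pos = [], 0
    while pos < len(buf):
        head = parse_head(buf[pos:])
        if head is None:
            break
        request_line, headers, body_offset = head
        pos += body_offset
        kind, length = framer(headers)
        if kind == "chunked":
            decoded = read_chunked(buf, pos)
            if decoded is None:
                break
            body, pos = decoded
        else:
            body, pos = buf[pos:pos + length], pos + length
        requests.append((request_line, body))
    return requests


def request_count(buf, framer):
    """Number of requests `framer` carves out of buf, or 'rejected' if it refuses the stream."""
    try:
        return len(split_requests(buf, framer))
    except FramingError:
        return "rejected"


# Constructed CL.TE sample: Content-Length (54) covers the whole tail, while a chunked
# reader stops after the "0" chunk and sees GET /admin as a second, smuggled request.
CLTE_SAMPLE = (
    b"POST / HTTP/1.1\r\nHost: vulnerable.example\r\nContent-Length: 54\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"0\r\n\r\n" b"GET /admin HTTP/1.1\r\nHost: vulnerable.example\r\n\r\n"
)
```

Run `request_count(CLTE_SAMPLE, f)` for each of the three framers: the Content-Length reader sees one POST with a 54-byte body, the lenient chunked reader sees a POST followed by a GET /admin that the sender never authorised through the front end, and the strict reader rejects the stream because both length headers are present. Replacing the coding name with `xchunked` gives the same split (the lenient reader still matches the substring) and shows why the strict reader also refuses unknown coding names rather than falling back to Content-Length: any fallback is a second interpretation a peer may not share.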
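The three Debian advisories (DSA-5336-1 to DSA-5338-1) and USN-5835-1/-2/-3 cover one bug in three services. A VMDK image carries a text descriptor that names the files holding the disk's extents; in "flat" layouts that extent file can be any path the service process can read, so an uploaded image can make Glance, Nova or Cinder copy a server-side file into the converted output and hand it back to the tenant. The fixes gate on the image's create-type as reported by qemu-img info, with an allowlist that defaults to streamOptimized and monolithicSparse. The Python below is an added example written for this page, not OpenStack code: a descriptor checker that applies that allowlist and additionally rejects FLAT extents, extent filenames that are not bare relative names, and parent (backing) file hints. The descriptors are constructed samples and the function names are this example's own.

```python
import posixpath
import re

# Defaults adopted by the OpenStack fixes: both are self-contained single-file layouts.
ALLOWED_CREATE_TYPES = {"monolithicSparse", "streamOptimized"}

# Extent line: access, size in sectors, extent type, optional quoted filename, optional offset.
EXTENT_RE = re.compile(
    r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+([A-Z]+)(?:\s+"([^"]*)")?(?:\s+(\d+))?\s*$', re.I
)


def safe_extent_name(name):
    """True for a bare filename that can only resolve inside the directory holding the descriptor."""
    return (bool(name) and "\\" not in name and not posixpath.isabs(name)
            and posixpath.basename(name) == name and name not in (".", ".."))


def check_vmdk_descriptor(text, allowed_types=ALLOWED_CREATE_TYPES):
    """Return the reasons to reject this descriptor text; an empty list means it passed."""
    problems, create_type = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        extent = EXTENT_RE.match(line)
        if extent:
            _access, _sectors, kind, filename, _offset = extent.groups()
            if kind.upper() == "FLAT":
                problems.append(f"FLAT extent maps sectors straight onto a host file: {line!r}")
            if filename is not None and not safe_extent_name(filename):
                problems.append(f"extent filename escapes the image directory: {filename!r}")
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip().strip('"')
        if key == "createType":
            create_type = value
        elif key == "parentFileNameHint":
            problems.append(f"backing file reference not allowed: {value!r}")
    if create_type is None:
        problems.append("descriptor has no createType")
    elif create_type not in allowed_types:
        problems.append(f"createType {create_type!r} not in allowlist {sorted(allowed_types)}")
    return problems


# Constructed descriptors for illustration (not taken from any real image).
BENIGN_SPARSE = """\
# Disk DescriptorFile
version=1
CID=fffffffe
parentCID=ffffffff
createType="monolithicSparse"

# Extent description
RW 4192256 SPARSE "disk.vmdk"

# The Disk Data Base
#DDB
ddb.adapterType = "ide"
"""

CRAFTED_FLAT = """\
# Disk DescriptorFile
version=1
CID=fffffffe
parentCID=ffffffff
createType="monolithicFlat"

# Extent description
RW 4 FLAT "/etc/passwd" 0
"""

TRAVERSAL_SPARSE = BENIGN_SPARSE.replace('"disk.vmdk"', '"../../other-tenant/disk.vmdk"')

if __name__ == "__main__":
    for label, text in (("benign", BENIGN_SPARSE), ("crafted", CRAFTED_FLAT), ("traversal", TRAVERSAL_SPARSE)):
        print(label, check_vmdk_descriptor(text) or "OK")
```

The function takes descriptor text: for monolithicFlat that is the small standalone .vmdk file, for sparse layouts the descriptor is embedded in the binary file and has to be extracted first. The crafted sample fails three ways at once (disallowed createType, FLAT extent, absolute extent path); the traversal sample passes the allowlist but is still caught because its extent name is not a bare filename. Checking more than the createType matters because the allowlist is a policy choice an operator can widen, while the extent and backing-file checks reject the mechanism itself.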