Packet Storm

Debian Linux Security Advisory 5386-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Linux Security Advisory 5385-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

The Microsoft Windows Kernel has insufficient validation of new registry key names in transacted NtRenameKey.

The Microsoft Windows Kernel suffers from multiple issues in the prepare/commit phase of a transactional registry key rename.

Sielco PolyEco Digital FM Transmitter version 2.0.6 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system.

Ubuntu Security Notice 6013-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities that can be triggered by directly calling the user object and modifying the password of the two constants user/role (user/admin). This can be exploited by an unauthenticated adversary by issuing a single POST request to the vulnerable endpoint and gain unauthorized access to the affected device with administrative privileges.

Ubuntu Security Notice 6011-1 - It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed quotes. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service. It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed brackets. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service.