#linux

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

Ubuntu Security Notice 6454-1 - Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service. Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of-bounds write vulnerability. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 6446-3 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.

Gentoo Linux Security Advisory 202310-16 - A vulnerability has been discovered in unifi where bundled log4j can facilitate a remote code execution Versions greater than or equal to 6.5.55 are affected.

Gentoo Linux Security Advisory 202310-15 - A vulnerability has been discovered in usbview where certain users can trigger a privilege escalation. Versions greater than or equal to 2.2 are affected.

Gentoo Linux Security Advisory 202310-14 - A vulnerability has been discovered in libinput where an attacker may run malicious code by exploiting a format string vulnerability. Versions greater than or equal to 1.20.1 are affected.

Debian Linux Security Advisory 5535-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, clickjacking, spoofing or information leaks.

Debian Linux Security Advisory 5534-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financially motivated hacking crew, described the adversary as "one of the most dangerous financial criminal