Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

phpFK 8.0 Cross Site Scripting

phpFK version 8.0 suffers from a cross site scripting vulnerability.

Packet Storm
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
PyLoad 0.5.0 Remote Code Execution

PyLoad version 0.5.0 suffers from an unauthenticated remote code execution vulnerability.

CVE-2023-34868: Assertion 'context_p->token.type != LEXER_RIGHT_PAREN' failed at ./jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_for_statement_start) · Issue #5083 · jerryscript-project/jerryscript

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.

CVE-2023-34867: Assertion 'ECMA_PROPERTY_IS_PROPERTY_PAIR (prop_iter_p)' failed at ./jerryscript/jerry-core/ecma/base/ecma-property-hashmap.c(ecma_property_hashmap_create) · Issue #5084 · jerryscript-project/jerryscr

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.

CVE-2023-34824: Heap-buffer-overflow found in fdkaac · Issue #55 · nu774/fdkaac

fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c.

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser

Ubuntu Security Notice USN-6161-1

Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6160-1

Ubuntu Security Notice 6160-1 - It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-6159-1

Ubuntu Security Notice 6159-1 - It was discovered that Tornado incorrectly handled certain redirect. An remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.