#vulnerability

Gentoo Linux Security Advisory 202407-9 - A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges. Versions greater than or equal to 9.7_p1-r6 are affected.

WordPress FooGallery plugin version 2.4.16 suffers from a persistent cross site scripting vulnerability.

WordPress Gallery version 2.3.6 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice 6851-2 - USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl enable to fail on systems without dbus. This update fixes the problem.

Ubuntu Security Notice 6844-2 - USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression in CUPS with regards to how the cupsd daemon handles Listen configuration directive. This update fixes the problem. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the target.

Red Hat Security Advisory 2024-4212-03 - An update for golang is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-4211-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-4210-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4209-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8. Issues addressed include a denial of service vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable via adjacent network Vendor: Johnson Controls, Inc. Equipment: Kantech KT1, KT2, KT400 Door Controllers Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products by Kantech, a subsidiary of Johnson Controls, are affected: Kantech KT1 Door Controller Rev01: Versions 2.09.01 and prior Kantech KT2 Door Controller Rev01: Versions 2.09.01 and prior Kantech KT400 Door Controller Rev01: Versions 3.01.16 and prior 3.2 Vulnerability Overview 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no...