Source
Packet Storm
Chat Bot version 1.0 suffers from a remote SQL injection vulnerability.
CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability within the view of a returned command being executed on an agent.
Ubuntu Security Notice 6780-1 - Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6781-1 - Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated input from a file into a string-type "eval". An attacker could craft a malicious file to achieve arbitrary code execution.
Joomla versions 4.2.8 and below remote unauthenticated information disclosure exploit.
Ubuntu Security Notice 6779-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
The NethServer module installed as WebTop, produced by Sonicle, is affected by a stored cross site scripting vulnerability due to insufficient input sanitization and output escaping which allows an attacker to store a malicious payload as to execute arbitrary web scripts or HTML. Versions 7 and 8 are affected.
PowerVR suffers from a wrong order of operations in DevmemIntChangeSparse2() that leads to a temporarily dangling page table entry.
PowerVR suffers from a use-after-free vulnerability in _UnrefAndMaybeDestroy().
Red Hat Security Advisory 2024-2945-03 - Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Issues addressed include bypass, cross site scripting, denial of service, and deserialization vulnerabilities.