Packet Storm

Ubuntu Security Notice 6766-3 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

Tenant Limited version 1.0 suffers from a remote SQL injection vulnerability.

WordPress XStore theme version 9.3.8 suffers from a remote SQL injection vulnerability.

Apache OFBiz versions 18.12.12 and below suffer from a directory traversal vulnerability.

Backdrop CMS version 1.27.1 suffers from a remote command execution vulnerability.

PopojiCMS version 2.0.1 remote command execution exploit that requires an administrative login. This vulnerability was originally reported by tmrswrr in November of 2023.

Rocket LMS version 1.9 suffers from a persistent cross site scripting vulnerability.

Red Hat Security Advisory 2024-2913-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-2912-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-2911-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.