Packet Storm

Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch, and Atos Unify OpenScape BCF suffer from remote code execution and missing authentication vulnerabilities. Atos OpenScape SBC versions before 10 R3.3.0, Branch version 10 versions before R3.3.0, and BCF version 10 versions before 10 R10.10.0 are affected.

PTC - Codebeamer versions 22.10-SP7 and below, 22.04-SP5 and below, and 21.09-SP13 and below suffer from a cross site scripting vulnerability.

Gentoo Linux Security Advisory 202309-8 - A vulnerability has been discovered in Requests which could result in the disclosure of plaintext secrets. Versions greater than or equal to 2.31.0 are affected.

Red Hat Security Advisory 2023-5178-01 - BusyBox is a binary file that combines a large number of common system utilities into a single executable file. BusyBox provides replacements for most GNU file utilities, shell utilities, and other command-line tools. Issues addressed include a code execution vulnerability.

Debian Linux Security Advisory 5497-2 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

Debian Linux Security Advisory 5498-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

This Metasploit module exploits a buffer overflow condition in Ivanti Avalanche MDM versions prior to 6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with the NT/AUTHORITY SYSTEM permissions. This vulnerability occurs during the processing of 3/5/8/100/101/102 item data types. The program tries to copy the item data using qmemcopy to a fixed size data buffer on stack. Upon successful exploitation the attacker gains full access to the target system. This vulnerability has been tested against Ivanti Avalanche MDM version 6.4.0.0 on Windows 10.

Gentoo Linux Security Advisory 202309-7 - Multiple vulnerabilities have been discovered in Binwalk, the worst of which could result in remote code execution. Versions greater than or equal to 2.3.4 are affected.

Razer Synapse versions before 3.8.0428.042117 (20230601) suffer from multiple vulnerabilities. Due to an unsafe installation path, improper privilege management, and a time-of-check time-of-use race condition, the associated system service "Razer Synapse Service" is vulnerable to DLL hijacking. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.

Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.