Security
Headlines
HeadlinesLatestCVEs

Tag

#debian

Debian Security Advisory 5410-1

Debian Linux Security Advisory 5410-1 - Multiple security issues were discovered in Sofia-SIP, a SIP User-Agent library, which could result in denial of service.

Packet Storm
#linux#debian#dos#js
thrsrossi Millhouse-Project 1.414 Shell Upload

thrsrossi Millhouse-Project version 1.414 suffers from a remote shell upload vulnerability.

Sudoedit Extra Arguments Privilege Escalation

This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit (aka sudo -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. by appending extra entries on /etc/sudoers allowing for execution of an arbitrary payload with root privileges. Affected versions are 1.8.0 through 1.9.12.p1. However, this module only works against Ubuntu 22.04 and 22.10. This module was tested against sudo 1.9.9-1ubuntu2 on Ubuntu 22.04 and 1.9.11p3-1ubuntu1 on Ubuntu 22.10.

Debian Security Advisory 5409-1

Debian Linux Security Advisory 5409-1 - Two security issues have been discovered in libssh, a tiny C SSH library.

CVE-2023-31584: GitHub - cu/silicon: Silicon Notes, a web-based personal knowledge base with few frills

GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field.

Debian Security Advisory 5408-1

Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.

Debian Security Advisory 5407-1

Debian Linux Security Advisory 5407-1 - It was discovered that missing input sanitising in cups-filters, when using the Backend Error Handler (beh) backend to create an accessible network printer, may result in the execution of arbitrary commands.

Debian Security Advisory 5406-1

Debian Linux Security Advisory 5406-1 - Max Chernoff discovered that improperly secured shell-escape in LuaTeX may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed.