#linux

ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh.

Debian Linux Security Advisory 5364-1 - Ronald Crane discovered that missing input saniting in the apr_base64 functions of apr-util, the Apache Portable Runtime utility library, may result in denial of service or potentially the execution of arbitrary code.

Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.

By Waqas Rupert Murdoch's News Corp revealed a data breach in 2022, but it turns out that hackers had been in the media giant's network two years prior. This is a post from HackRead.com Read the original post: News Corp: Hackers sat undetected on its network for 2 years

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. W...

In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.

In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.

In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.