Security
Headlines
HeadlinesLatestCVEs

Tag

#oracle

Ubuntu Security Notice USN-7073-1

Ubuntu Security Notice 7073-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Packet Storm
Open in Source
#vulnerability#web#google#amazon#ubuntu#linux#oracle#aws#ibm
Ubuntu Security Notice USN-7072-1

Ubuntu Security Notice 7072-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-7071-1

Ubuntu Security Notice 7071-1 - A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.

Ubuntu Security Notice USN-7069-1

Ubuntu Security Notice 7069-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice USN-7020-4

Ubuntu Security Notice 7020-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Supra Redefines the Layer-2 Debate with “Supra Containers” – Is This the End of L2s?

Zug, Switzerland, October 8, 2024 // Supra, the 500k TPS Layer-1 blockchain with MultiVM compatibility for MoveVM and…

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

GHSA-5gpr-w2p5-6m37: PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file

### Summary It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from [GHSA-w9xv-qf98-ccq4](https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4), and resides in a different component. ### Details When an XLSX file is opened, the XLSX reader calls `setPath()` with the path provided in the `xl/drawings/_rels/drawing1.xml.rels` file in the XLSX archive: ```php if (isset($images[$embedImageKey])) { // ...omit irrelevant code... } else { $linkImageKey = (string) self::getArrayItem( $blip->attributes('http://schemas.openxmlformats.org/officeDocument/2006/relationships'), 'link' ); if (isset($images[$linkImag...

Unix Printing Vulnerabilities Enable Easy DDoS Attacks

All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.