exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2023-10-17

Debian Security Advisory 5522-3
Posted Oct 17, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5522-3 - A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.

tags | advisory
systems | linux, debian
advisories | CVE-2023-44487
SHA-256 | 24e294103b57531588198722a8954c8fef2961b6fe2c3e09f03d5ab90505e314
Debian Security Advisory 5528-1
Posted Oct 17, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5528-1 - William Khem-Marquez discovered that using malicious plugins for the the Babel JavaScript compiler could result in arbitrary code execution during compilation.

tags | advisory, arbitrary, javascript, code execution
systems | linux, debian
advisories | CVE-2023-45133
SHA-256 | 8e9e8528781517c283dd31746e17304f3aa59d28da1d214c1d5ecffd747062ff
XNSoft Nconvert 7.136 Buffer Overflow / Denial Of Service
Posted Oct 17, 2023
Authored by Michele Toccagni | Site toccagni.info

XNSoft Nconvert version 7.136 is vulnerable to buffer overflow and denial of service conditions. Proof of concepts included.

tags | exploit, denial of service, overflow, proof of concept
advisories | CVE-2023-43250, CVE-2023-43251, CVE-2023-43252
SHA-256 | 638390b25c13e2dfa7b3f373e58cc3d277307ff7a2ae09d48cf4a2266af3831a
Squid Caching Proxy 55 Vulnerabilities
Posted Oct 17, 2023
Authored by Joshua Rogers | Site megamansec.github.io

Two and a half years ago an independent audit was performed on the Squid Caching Proxy, which ultimately resulted in 55 vulnerabilities being discovered in the project's C++ source code. Although some of the issues have been fixed, the majority (35) remain valid. The majority have not been assigned CVEs, and no patches or workarounds are available. Some of the listed issues concern more than one bug, which is why 45 issues are listed, despite there being 55 vulnerabilities in total (10 extra of the result of similar, but different pathways to reproduce a vulnerability). After two and a half years of waiting, the researcher has decided to release the issues publicly.

tags | advisory, vulnerability
SHA-256 | 77ed12c6bd03c55cd63ef810517ab92f57f6a589120686609e66c3eec1485f06
Apple Security Advisory 10-10-2023-1
Posted Oct 17, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 10-10-2023-1 - iOS 16.7.1 and iPadOS 16.7.1 addresses buffer overflow and code execution vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2023-42824, CVE-2023-5217
SHA-256 | be667eaa57ffd89fffea82b376e2b645bb12c3cc11f98e4e4a604a9d1468d665
Ubuntu Security Notice USN-6396-3
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6396-3 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.

tags | advisory, x86, local
systems | linux, ubuntu
advisories | CVE-2022-27672, CVE-2022-40982, CVE-2023-3212, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128
SHA-256 | 8232218ebf9db1d697b359db5fb1b03f5377448ae5c7c7556b00fe639696885f
Ubuntu Security Notice USN-6433-1
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6433-1 - It was discovered that Ghostscript incorrectly handled certain PDF documents. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-43115
SHA-256 | 1fac12dac6d1f50f13dc0c32b1c7829da12e86a146b2694b90438d93a30a5bd5
Ubuntu Security Notice USN-6425-3
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6425-3 - USN-6425-1 fixed vulnerabilities in Samba. This update provides the corresponding updates for Ubuntu 23.10. Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to truncate read-only files. Andrew Bartlett discovered that Samba incorrectly handled the DirSync control. A remote attacker with an RODC DC account could possibly use this issue to obtain all domain secrets. Andrew Bartlett discovered that Samba incorrectly handled the rpcecho development server. A remote attacker could possibly use this issue to cause Samba to stop responding, resulting in a denial of service. Kirin van der Veer discovered that Samba incorrectly handled certain RPC service listeners. A remote attacker could possibly use this issue to cause Samba to start multiple incompatible RPC listeners, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-4091, CVE-2023-4154, CVE-2023-42669, CVE-2023-42670
SHA-256 | d00ddbbac04e9ca28e5197158c09754621e8065ad1f124d00bbd8edabbef4103
Ubuntu Security Notice USN-6423-2
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6423-2 - USN-6423-1 fixed a vulnerability in CUE. This update provides the corresponding updates for Ubuntu 23.10. It was discovered that CUE incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-43641
SHA-256 | 130c551ce6526e3867b7494370a3b9fccc7948230c17bfdbafce668f2d4e02a0
Ubuntu Security Notice USN-6429-3
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6429-3 - USN-6429-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 23.10. Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections.

tags | advisory, remote, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-38545, CVE-2023-38546
SHA-256 | d1725e2867219ce04c36896ee359cb48113c317935ea121e2af01b7b802e2783
Ubuntu Security Notice USN-6394-2
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6394-2 - USN-6394-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2022-48560
SHA-256 | d38a75206389008d3e1ad14a50564e60d915ccb7b901100a133baef1458072fe
Ubuntu Security Notice USN-6432-1
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6432-1 - It was discovered that the Quagga BGP daemon did not properly check the attribute length in NRLI. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the Quagga BGP daemon did not properly manage memory when reading initial bytes of ORF header. A remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-41358, CVE-2023-41360
SHA-256 | 83ab0aa9332b74bfb15adf2f2e832ac211abc89c5493ef410be7aed9a5efe908
Ubuntu Security Notice USN-6431-3
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6431-3 - USN-6431-1 fixed a vulnerability in iperf3. This update provides the corresponding update for Ubuntu 22.04 LTS. Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
SHA-256 | 74da1658299fe94be4fc2dcf67a2a38a512b50b8c3be53ba7225d4b79c4cafa8
Ubuntu Security Notice USN-6431-2
Posted Oct 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6431-2 - USN-6431-1 fixed a vulnerability in iperf3. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 23.04. It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-38403
SHA-256 | 5dbdbf5f36a60de7a69c9dd0e63e2fdf0f2c8598e786ae36cc41d796dbb11502
Red Hat Security Advisory 2023-5780-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5780-01 - A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only erratum is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-40167
SHA-256 | d414b4c1e411b4f999ba8dbc221a28022817114418081ebbc6fc2851ca490b9d
Red Hat Security Advisory 2023-5775-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5775-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-3609
SHA-256 | 102897021ac9e30459a12093e059f0cc9cd65e55acc7e756c15e779e883fb857
Red Hat Security Advisory 2023-5771-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5771-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-3341
SHA-256 | af194c6df8cfaa1ab3dbeb343af35d63f04ba586031d82f0f4a5fc2d225b5647
Red Hat Security Advisory 2023-5770-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5770-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | e238cc36d09269ca4b5139b9de071c83fddb9c788bd67536b39781e141297847
Red Hat Security Advisory 2023-5769-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5769-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 7cbefc8e4028ece01017318ee2c6828ba7abe47ed0937477140142efd1f56a06
Red Hat Security Advisory 2023-5768-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5768-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 0d85cd26379ad3cc0ef4486eaf98abf09d84069f7d8cf1f9f276dc9fa28c5d4c
Red Hat Security Advisory 2023-5767-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5767-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | a3df9223e0ce271f60e7dbb42c178a6ba04b57fe5239c9d1b6d911a6c9846fc2
Red Hat Security Advisory 2023-5766-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5766-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 82a4740fbe239e3a078172d2cfec64659b2caa388387d8382d9bc439d9f8685c
Red Hat Security Advisory 2023-5765-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5765-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 6b13b57b801319ae2d26fa965809d3592ac24a8e12394e5471f7261831a205a7
Red Hat Security Advisory 2023-5764-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5764-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 022e1f4af9e816dca761f97f9f1ac70762f736c2c5bfbf981d1192f85fdb880b
Red Hat Security Advisory 2023-5763-01
Posted Oct 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5763-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow, protocol
systems | linux, redhat
advisories | CVE-2023-38545
SHA-256 | 510c6724745c0651fdfcdb28c913292f03ad32f78e765fb9849dd2ced54a1233
Page 1 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close