exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2024-05-13

Debian Security Advisory 5688-1
Posted May 13, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5688-1 - It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2023-52076
SHA-256 | ce64dbc7042d36045420d8024d1749d0ba1c9d8b43b3a218aec4ed4925c70038
Debian Security Advisory 5687-1
Posted May 13, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5687-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4671 exists in the wild.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2024-4671
SHA-256 | fefd1de1decbc1434a5c297ec454790b8b54743c888a645237a73641ccde75e5
Kemp LoadMaster Local sudo Privilege Escalation
Posted May 13, 2024
Authored by bwatters-r7, Dave Yesland | Site metasploit.com

This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such, if the file is overwritten with an arbitrary file, it will still auto-elevate. This module overwrites the /bin/loadkeys file with another executable.

tags | exploit, arbitrary
SHA-256 | 0ba86964552be2e15d8dfa5aee3dc906633226221f56038c5adfd5023d1cef02
Gentoo Linux Security Advisory 202405-33
Posted May 13, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-33 - Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution. Versions greater than or equal to 0.10.1 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-31566, CVE-2023-31567
SHA-256 | 0f079a3a9ed1b14c17eed0010b2a3a9dab852edc5acc1505fb4bbe146a15d7c1
Gentoo Linux Security Advisory 202405-32
Posted May 13, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-32 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.10.0 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553, CVE-2024-1936, CVE-2024-2609, CVE-2024-3302, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859
SHA-256 | 3283b7e266237a6df6b8dc58a8f3b51eb90071121c21462cfd91730f52a3efb9
Gentoo Linux Security Advisory 202405-31
Posted May 13, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202405-31 - A vulnerability has been discovered in Kubelet, which can lead to privilege escalation. Versions greater than or equal to 1.28.5 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2023-5528
SHA-256 | cb7809ea80edc32b1ba6a8545c37a92c5980f394bbdd184747356f927ef58e32
Ubuntu Security Notice USN-6771-1
Posted May 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6771-1 - It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2024-4340
SHA-256 | d4667d289a8e91d1ce3a98ab4961c911970232c5d3603980b0eb0eb6e4153694
Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting
Posted May 13, 2024
Authored by malvuln | Site malvuln.com

Panel.SmokeLoader malware suffers from cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | ef278eac34255b166212b8c3d391b9134c5e614f5beadcfc77d5664154f0a7de
Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting
Posted May 13, 2024
Authored by malvuln | Site malvuln.com

Panel.SmokeLoader malware suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | bcc5e47df8b2d6bd47ac6d8b30cb4be97dade1f97e3d46af383c50831ef76904
Esteghlal F.C. Cross Site Scripting
Posted May 13, 2024
Authored by E1.Coders

Esteghlal F.C.'s site suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 27a3e849215cdeb3acce420536732c6bb9d4b0fd92ff4c0bea2720714ce42ece
Red Hat Security Advisory 2024-2822-03
Posted May 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2822-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 5b1278591beedae5fcae4e4762e94641b13117bc5eda0f8c60a271d4a510d203
Red Hat Security Advisory 2024-2821-03
Posted May 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2821-03 - An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-4408
SHA-256 | 4f8df9f8e47e09d47ac5674f3aa068dfee1a6f8902e6fd33cfbc244643a3e3be
Red Hat Security Advisory 2024-2820-03
Posted May 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2820-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-30156
SHA-256 | 7c390b54da0eca65e2b0663efdcf83e2ef3a714b13ba783f9605f2507f6564b5
Red Hat Security Advisory 2024-2817-03
Posted May 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2817-03 - An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-29180
SHA-256 | 5fce456a49aae23326971a5dc5d1b6f6787c2fbe0337f175c0e28b439bce0a90
Red Hat Security Advisory 2024-2816-03
Posted May 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2816-03 - An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-29180
SHA-256 | 2fa82a942dce95cbb513c3cf36904fe9b5c32c8666f3c99124b2530f409d5f89
Red Hat Security Advisory 2024-2815-03
Posted May 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2815-03 - An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-29180
SHA-256 | e257c2473fdc2c975650cc94f9b18c0bcf3f118ddcb9feb68d8d3ffb3342ec84
Arm Mali 5th Gen Dangling ATE
Posted May 13, 2024
Authored by Jann Horn, Google Security Research

In mmu_insert_pages_no_flush(), when a HUGE_HEAD page is mapped to a 2M aligned GPU address, this is done by creating an Address Translation Entry (ATE) at MIDGARD_MMU_LEVEL(2) (in other words, an ATE covering 2M of memory is created). This is wrong because it assumes that at least 2M of memory should be mapped. mmu_insert_pages_no_flush() can be called in cases where less than that should be mapped, for example when creating a short alias of a big native allocation. Later, when kbase_mmu_teardown_pgd_pages() tries to tear down this region, it will detect that unmapping a subsection of a 2M ATE is not possible and write a log message complaining about this, but then proceed as if everything was fine while leaving the ATE intact. This means the higher-level code will proceed to free the referenced physical memory while the ATE still points to it.

tags | exploit
advisories | CVE-2024-0671
SHA-256 | 02b7002e9ef87f42111b8b994ec26a71eab28f5f71c23d3899c25a6cc7a85c92
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close