what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Recent Files

Files RSS Feed
Red Hat Security Advisory 2023-5096-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5096-01 - Logging Subsystem 5.5.16 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
Ubuntu Security Notice USN-6389-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6389-1 - It was discovered that Indent incorrectly handled parsing certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use this issue to cause Indent to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
Red Hat Security Advisory 2023-5310-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5310-01 - A security update for Camel Extensions for Quarkus 2.13.3 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
Ubuntu Security Notice USN-6386-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6386-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-6387-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6387-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-6388-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6388-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-6385-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
Ubuntu Security Notice USN-6384-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6384-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information.

tags | advisory, kernel, local, memory leak
systems | linux, ubuntu
Ubuntu Security Notice USN-6382-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6382-1 - It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, udp
systems | linux, ubuntu
Red Hat Security Advisory 2023-5233-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2023-5239-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5239-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability, code execution
systems | linux, redhat
Red Hat Security Advisory 2023-5235-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5235-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
Red Hat Security Advisory 2023-5264-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5264-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability, code execution
systems | linux, redhat
Red Hat Security Advisory 2023-5238-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5238-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
Red Hat Security Advisory 2023-5252-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5252-01 - The dmidecode packages provide utilities for extracting Intel 64 and Intel Itanium hardware information from the system BIOS or Extensible Firmware Interface, depending on the SMBIOS/DMI standard. This information typically includes system manufacturer, model name, serial number, BIOS version, and asset tag, as well as other details, depending on the manufacturer.

tags | advisory
systems | linux, redhat
Lamano CMS 2.0 Cross Site Request Forgery
Posted Sep 20, 2023
Authored by indoushka

Lamano CMS version 2.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
Red Hat Security Advisory 2023-5259-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5259-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2023-5244-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5244-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
Red Hat Security Advisory 2023-5236-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5236-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.

tags | advisory, web, overflow
systems | linux, redhat
Ubuntu Security Notice USN-6383-1
Posted Sep 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6383-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the ARM64 KVM implementation in the Linux kernel did not properly restrict hypervisor memory access. An attacker in a guest VM could use this to execute arbitrary code in the host OS.

tags | advisory, arbitrary, kernel, local
systems | linux, ubuntu
Red Hat Security Advisory 2023-5249-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5249-01 - The ncurses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.

tags | advisory
systems | linux, redhat
Red Hat Security Advisory 2023-5245-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5245-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
WordPress Theme My Login 2FA Brute Force
Posted Sep 20, 2023
Authored by Joost Grunwald | Site iecetee.com

WordPress Theme My Login 2FA plugin versions prior to 1.2 suffer from a brute forcing vulnerability.

tags | exploit, cracker
Apache Airflow 1.10.10 Remote Code Execution
Posted Sep 19, 2023
Authored by Pepe Berba, Ismail E. Dawoodjee, xuxiang | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability by combining two critical vulnerabilities in Apache Airflow version 1.10.10. The first, CVE-2020-11978, is an authenticated command injection vulnerability found in one of Airflow's example DAGs, "example_trigger_target_dag", which allows any authenticated user to run arbitrary OS commands as the user running Airflow Worker/Scheduler. The second, CVE-2020-13927, is a default setting of Airflow 1.10.10 that allows unauthenticated access to Airflow's Experimental REST API to perform malicious actions such as creating the vulnerable DAG above. The two CVEs taken together allow vulnerable DAG creation and command injection, leading to unauthenticated remote code execution.

tags | exploit, remote, arbitrary, vulnerability, code execution
Lexmark Device Embedded Web Server Remote Code Execution
Posted Sep 19, 2023
Authored by jheysel-r7, James Horseman, Zach Hanley | Site metasploit.com

An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created, the endpoint /cgi-bin/fax_change_faxtrace_settings is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page fail to be sanitized properly before being used in a bash eval statement, allowing for an unauthenticated user to run arbitrary commands.

tags | exploit, remote, arbitrary, cgi, code execution, bash
View Older Files →

Recent News

News RSS Feed
Vast Majority Of Bot Attacks Emanate From China And Russia
Posted Sep 20, 2023

tags | headline, hacker, government, russia, china, botnet, cyberwar, military
Robocall Scammers Sentenced In US After Netting $1.2 Million
Posted Sep 20, 2023

tags | headline, government, usa, phone, india, cybercrime, fraud
DHS Publishes New Recommendations On Cyber Incident Reporting
Posted Sep 20, 2023

tags | headline, hacker, government, privacy, usa, data loss
The Clorox Company Admits Cyberattack Causing Disruption
Posted Sep 19, 2023

tags | headline, hacker, data loss
Chinese Hackers Use Never Before Seen Linux Backdoor
Posted Sep 19, 2023

tags | headline, hacker, malware, linux, china, backdoor
Hacker Conversations: Casey Ellis From Bugcrowd
Posted Sep 19, 2023

tags | headline, hacker
Misconfigured SAS Token By Microsoft's AI Team Exposes 38TB Of GitHub Data
Posted Sep 19, 2023

tags | headline, microsoft, data loss, flaw, password
Multiple Crypto Raids Net Lazarus Group $290m In 15 Weeks
Posted Sep 18, 2023

tags | headline, hacker, government, cybercrime, data loss, fraud, cyberwar, cryptography, north korea
Fortinet Patches High Severity Vulnerabilities In Multiple Products
Posted Sep 18, 2023

tags | headline, flaw, patch
BlackCat/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors
Posted Sep 18, 2023

tags | headline, hacker, privacy, malware, cybercrime, data loss, fraud, cryptography
View More News →

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

News Tags

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close