The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance.
a07ebf4a753f14e46c966e23a4c3cf0bThe bd daemon, which runs as part of the F5 BIG-IP Application Security Manager (ASM), is vulnerable to a stack-based buffer overflow when processing overlong HTTP response headers in the is_hdr_criteria_matches function.
fb4bb5a73422ead38863ca80421b7215Big IP's Traffic Management Microkernels (TMM) URI normalization incorrectly handles invalid IPv6 hostnames allowing for information disclosure and an out-of-bounds write condition.
7bbc96ec1d50a3a238d0764ad16101eaPackage Control suffers from an arbitrary file write vulnerability.
fc1001c8bbe8a7cae533f770aa149604Node version 14.11.0 is vulnerable to a use-after-free bug in its TLS implementation.
605c74b7f6ed00900884dafc459cf57eusrsctp suffers from insecure HMAC generation that can lead to out-of-bounds access.
60dae1b024aad137dbbc2e032f8413acusrsctp suffers from a usrsctp pending_reply_queue out-of-bounds access vulnerability.
fbfd1f9af88626326bb98128c859b372Apache 2 suffers from an issue with concurrent pool usage in the http2 module.
8e2f6c32f5529339e29797af43253deeApache 2 suffers from a memory corruption vulnerability in the mod_http2 push diary implementation.
8368f936e5103096fbffcf0dc212a89eGithub Actions supports a feature called workflow commands that is susceptible to widespread code injection vulnerabilities.
ed0cc8399b9664318e4cac10f05729b5Kubernetes has multiple issues in aws-iam-authenticator where lax controls can lead to a lower security posture.
0efac33980805dcdab8d64773d7981d5HashiCorp Vault's GCP authentication method can be bypassed on gce type roles that do not specify bound_service_accounts. Vault does not enforce that the compute_engine data in a signed JWT token has any relationship to the service account that created the token. This makes it possible to impersonate arbitrary GCE instances, by creating a JWT token with a faked compute_engine struct, using an arbitrary attacker controlled service account.
7b83f776aff7e235a44aa2d4f4125bb8HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully-attacker controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-xml content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.
c2e3c92a813a0ec7ee985df9b624b079Apache2 suffers from an incorrect handling of large requests issue in mod_proxy_uwsgi.
794813ee73c7fb742550accd8b61f2e2Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.
9bde5356a44eb307d096d404cbcdc1d0The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP2 request (or response).
ec4200ed138e11159b83e1a1d18ff6d3A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.
c958ad3ac0a7a989d1f7f2c9f24fadb6KVM suffers from a use-after-free vulnerability after using the emulated VMX preemption timer.
a0d1f27f5e38bc4b60b7e3417a578978KVM suffers from an uninitialized memory leak vulnerability in kvm_inject_page_fault.
d143badc5670e32e28cf7e6fb40d4424This Metasploit module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload.
518ed0c670d289725a426edf1b4243c3This is a small tutorial write up that provides a DynoRoot exploit proof of concept.
34564033c2577542c76d3de9c82d2615Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.
056a37f9c265e3d9566b012c2ea95423When KVM (on Intel) virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0.
52237ddbf09d9e8e93706408732deecfThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
5260d2ef5bb8f8bbc5edbc0ec7cb7c67EMC Replication Manager (RM) is affected by a remote code execution vulnerability that may be exploited by an attacker to compromise an affected system. A remote unauthenticated attacker may execute arbitrary commands on an RM Client, with high privileges, by starting a rogue RM Server that connects to the RM Client and executes the malicious script/payload that is placed in an SMB share, by the attacker, that is accessible to the RM Client. Affected include EMC Replication Manager versions prior to 5.5.3 on all supported OS, EMC Network Module for Microsoft version 3.x, and EMC Networker Module for Microsoft version 8.2.x.
4196d1c352856a42a93ca08de065887a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed