what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

CVE-2023-4004

Status Candidate

Overview

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.

Related Files

Kernel Live Patch Security Notice LSN-0099-1
Posted Nov 29, 2023
Authored by Benjamin M. Romer

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were discovered and addressed.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2022-3643, CVE-2023-31436, CVE-2023-34319, CVE-2023-3567, CVE-2023-3609, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-40283, CVE-2023-42752, CVE-2023-42753, CVE-2023-4622, CVE-2023-4623
SHA-256 | ee52836c711111ecd52b6c4162409caa5a393b4ec4571f1e5de8d4ace83228b9
Ubuntu Security Notice USN-6442-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6442-1 - Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-34319, CVE-2023-4004, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-42756, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 624ca94c1f61f0b559f33ddb2227d18b1b0967ea91bffacbc1c10b4b19320a6d
Kernel Live Patch Security Notice LSN-0098-1
Posted Oct 11, 2023
Authored by Benjamin M. Romer

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2023-21400, CVE-2023-3090, CVE-2023-3567, CVE-2023-3609, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-40283, CVE-2023-4128
SHA-256 | cee33fcedd3c531f91ff1d0a8fe1060cf9d74dad35ef33c6828c5de7d753e527
Progress Software WS_FTP Unauthenticated Remote Code Execution
Posted Oct 4, 2023
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 (version 8.7.4) and 2022.0.2 (version 8.8.2) are vulnerable to this issue. The vulnerability was originally discovered by AssetNote.

tags | exploit, remote, code execution
advisories | CVE-2023-40044
SHA-256 | 67c3ec27f34dd597203794dd63375f1b12dc8aadd9a36aed8d054aa388c58b83
Red Hat Security Advisory 2023-5244-01
Posted Sep 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5244-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-20593, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004
SHA-256 | 2d37542ffeef6aa7c393c541f56dba5c05c37d66228b869b552effea838c1489
Red Hat Security Advisory 2023-5255-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5255-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine- tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-2002, CVE-2023-20593, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004
SHA-256 | 258b79c6d38731112095e3861aa827e7da64cfdb743f048033bd446d901f450c
Red Hat Security Advisory 2023-5221-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5221-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-3776, CVE-2023-4004
SHA-256 | 90b863a69ef3aaeeadf4c84256e8105c90c054203054b9c02dcef9c670542b6c
Red Hat Security Advisory 2023-5069-01
Posted Sep 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5069-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, information leakage, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1637, CVE-2023-20593, CVE-2023-21102, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3610, CVE-2023-3776, CVE-2023-4004, CVE-2023-4147
SHA-256 | d1d2671f8a3af58445d1e0aa04838bed4cb8aa8eca76d4c0771529fae16ba345
Red Hat Security Advisory 2023-5091-01
Posted Sep 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5091-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass, information leakage, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1637, CVE-2023-20593, CVE-2023-21102, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3610, CVE-2023-3776, CVE-2023-4004, CVE-2023-4147
SHA-256 | 692e3399682d917e015031b7ecbf9074ae894e373dd78e0e924c5ef7cd103383
Red Hat Security Advisory 2023-5093-01
Posted Sep 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5093-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3610, CVE-2023-3776, CVE-2023-4004, CVE-2023-4147
SHA-256 | d823b3d002e6c5a51689e4caf4dc36b044651db9819d7381ddde6dfeea7a833e
Debian Security Advisory 5492-1
Posted Sep 11, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5492-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2023-1206, CVE-2023-1989, CVE-2023-20588, CVE-2023-2430, CVE-2023-2898, CVE-2023-34319, CVE-2023-3611, CVE-2023-3772, CVE-2023-3773, CVE-2023-3776, CVE-2023-3777, CVE-2023-3863, CVE-2023-4004, CVE-2023-4015
SHA-256 | 60277f2faef1ae1013aaa8886111d7c6bc6dc369ef63d5538109f991fe7534ea
Ubuntu Security Notice USN-6348-1
Posted Sep 6, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6348-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | 21bd7ad16821bcaedade2c6fb31460d77707aeb86f94702a8dbdf11003cb7e00
Red Hat Security Advisory 2023-4961-01
Posted Sep 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1829, CVE-2023-2002, CVE-2023-2124, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-4004
SHA-256 | 6684389df31fc20aede82599f99fafc894611d2c55fac3be32a4e69245e35cdc
Red Hat Security Advisory 2023-4967-01
Posted Sep 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4967-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1829, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-4004
SHA-256 | 5e22461312df0e509649b6a701ce80d7ddb1c340b7ff0348a3ad838f96cc31fa
Red Hat Security Advisory 2023-4962-01
Posted Sep 5, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2023-1829, CVE-2023-2002, CVE-2023-2124, CVE-2023-3090, CVE-2023-3390, CVE-2023-35001, CVE-2023-35788, CVE-2023-4004
SHA-256 | 53ab97930ec953dffbca45e4e056a2e6296372ccd616bd9dc629e8f5df8fa6e6
Ubuntu Security Notice USN-6330-1
Posted Sep 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6330-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | deecf2a1038859bc54e7bc4552ec064b918fba9c85121f69ac6b49fd50ccbe1a
Ubuntu Security Notice USN-6328-1
Posted Sep 2, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6328-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | c4feb5d7fc10a439682355b4dd5a2b38977e66c51fb19680ebef69b62ce10d71
Ubuntu Security Notice USN-6325-1
Posted Aug 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6325-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | 1743858f505c25ed449fa21a975dfb6ace00d74d103e7f67dbdfab548290c4f7
Ubuntu Security Notice USN-6321-1
Posted Aug 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6321-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | 1d629b070b7634bff1f72ea8b938d3be648a4d6ec0907851c41c3d3277248fcf
Ubuntu Security Notice USN-6318-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6318-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | 1b7bbe8779efdf714318dc0d4a82b27e5611d839a9924800d8d0dbcd7ea7ca73
Ubuntu Security Notice USN-6316-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6316-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | c4c9a23e316d26047a6db3093dd14fc8354a59af890d65bbbcff901cc0546675
Ubuntu Security Notice USN-6315-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6315-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | 873c4cefd57f45a1c8bc078ea3edde1dcdd2a6df91f90b68d4e4fd025a0371b4
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close