This Metasploit module escapes from a privileged Docker container and obtains root on the host machine by abusing the Linux cgroup notification on release feature. This exploit should work against any container started with the following flags: --cap-add=SYS_ADMIN, --privileged.
96e3dd9d2191efa268a444e84e7547c50e9a4480e50aec7c0ffb4d80ebaaaf32Ubuntu Security Notice 4451-2 - USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Various other issues were also addressed.
c68ad231253f0d6c22503e9592ba3197a3976dd3f7f4c996e8cfd1b3669e37e1Red Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
a138441bfdebc4ca9e9ff48d83058e48eaa636fac11e78743531b2cd4814d228Red Hat Security Advisory 2020-3345-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
81193d17955367f8adc55c9e4a5330e7aacbcfe024ed79330a458d165e75e5d3Red Hat Security Advisory 2020-3344-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
fbced59d2f9e50a187ea2fea05f12398c3f936c15e0db2fc68d6f0d3f7f283d8Red Hat Security Advisory 2020-3341-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
fe1e49003f2f42fbf27b61e1703e459cdfbd024352a1b5dccdcc5e0e9f10e4e6Red Hat Security Advisory 2020-3342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
e251492539cf309bf34a80476f7a9cfa04a8950e1412ce990ded842b70af1ee1Red Hat Security Advisory 2020-3343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
642cd8a07b7b8576ba0df54a6ce07b8576d90d87bbf8122b5b9b0f10b5c25a14Ubuntu Security Notice 4453-1 - Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals method. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
ec93115e6269588e2af11c449ad74eaae8e44ffea226a1cbea8c285a75e6ed9bVictor CMS version 1.0 suffers from a search remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to BKpatron.
bad3758ecc0d87876838d3196bf4d8b6a336133490c00facac4125704570d9feOnline Shopping Alphaware version 1.0 suffers from an unauthorized administrative functionality access vulnerability.
af86f3f2c3fc65a797a7322c542028b83b7c440ae34c67c40b6fb9d42a4d9386Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.
1c73f02370cfc464f48e9e0329d3295cf79cee55b8d21245f13bb4fa92008374Online Shopping Alphaware version 1.0 suffers from a cross site request forgery vulnerability.
10eaf91c2386843e5718ae708a9128ff7150df99808d437a21dbbd1290208453Daily Expenses Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Daniel Ortiz.
57f241880941f9858b0121795dde9cd336d5411327d71648cab34454c4d2acb2Daily Expenses Management System version 1.0 suffers from a cross site request forgery vulnerability.
859ad6f8002c2e443b458c79c1ead85e85f81ee2ee685da7d4307bcaeed0a865Daily Expenses Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
d12f856358ece8af5af610c09d4fcccb1a90301f90a9ff55a63f3ad25f12e611Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau.
02ec0bb1649cf997b05a017aed698bf8edd9fdefbef3abbf9e50334a94facc84QlikView version 12.50.20000.0 denial of service proof of concept exploit.
a3edf93aa60b6c2ce473219431da1889d9f1184493ec40266be41e2f59e5ccb4ACTi NVR3 Standard or Professional Server version 3.0.12.42 denial of service proof of concept exploit.
6a57437ddc52274c73f9a7b375791a9ad27fea5817745334f53c8d0c73a32876Debian Linux Security Advisory 4742-1 - Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications.
6a4df3c7ad1367dcd699c32aacb749682658d724271d0b74dde2c46776b6fd35
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed