Ubuntu Security Notice 4984-1 - Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Realtek RTL8188EU Wireless device driver in the Linux kernel did not properly validate ssid lengths in some situations. An attacker could use this to cause a denial of service. Various other issues were also addressed.
47d0f4a3952d8cf4b938ec83f7efd85bdb8431f9f1a68e359b4de49fcf50d2edHealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user's email address needed.
108eb293e5b0d2d18abfd3b3ef0cfabcfe3878c71ef3e5fb6ce42e26588c10f0HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.
42f3483603f56524c0a83a32c43ca70dcb2416daaa8123abc8aa7afb35f560feFileCOPA FTP Server version 1.01 denial of service exploit.
3e3501825544ec466af787f47d308b94d885b2236a3ce6311f2ed3df37eac109Whitepaper called Windows Win32k Elevation of Privilege Vulnerability. It details exploitation and an overview of CVE-2021-1732.
a9380503b2a681de62499f1daeafb145966439dc2c08d757cb57d440409aaee2Ubuntu Security Notice 4983-1 - Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out of bounds speculation on pointer arithmetic. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
c8d6a4d1ac66d32b7a2f8aec8f4be767802cb76e03860da72e2558c5974f173aThis Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user.
0a1aa0b824e15e84195c2385f8bf0e7dc95224435e2865997906be79faf81ba6This Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a valid user, as this info is logged. The php code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.
ec5ef5c3f76e27557be6a802468fa8e1b2e50b2a6a2993479fd1a906363a8c90Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
c28c1fff7657131c8f016c3309d0caeb58d367d61a5c4b56a26ac8314772d407Looking at the Mojo implementation of Chrome's legacy IPC, the legacy ipc::Message type is transferred inside a BigBuffer.
f543ac8b2cefa9c2b0092803dc79ebe3d0ccba182ed6661ceb724163521a8580There is a heap corruption bug that can occur when QT processes a malformed TIFF image. It happens because the size of the QImageData backing the image is calculated is calculated using the format of the image, meanwhile TIFFReadScanline calculates the length to be read based on TIFFScanlineSize, which determines the size base on three tags in the TIFF file, width, samples per pixel and bits per sample.
765990ea3bd9f2c14232bcfa3535efba165c1990d1e7949df33a649783e33d0bBackdoor.Win32.Androm.df malware suffers from a code execution vulnerability.
7dc3c092b4a7f3eb0886fa0f0702d6b97a6d87b30956986330eb5906d3ab95f7Gitlab version 13.10.2 authenticated remote code execution exploit.
fdd3bf5424a5516bb5299cd43e4d54baa10324040cc743962df9d063321ddcabUbuntu Security Notice 4982-1 - Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service. Kiyin discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
30a5afa51a330465bbea0807650492fe79f27388cc8ee9ac30d0e02a89f6de63Monstra CMS version 3.0.4 authenticated remote code execution exploit.
a449bcb9e802e6538fd98131e3ca47d842f8cffabafa13b97c65cc397d12c250Ubuntu Security Notice 4981-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. Joshua Rogers discovered that Squid incorrectly handled requests to the Cache Manager API. A remote attacker with access privileges could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Various other issues were also addressed.
5f73be4fd8bb6e49cdf2fb128fc4a0c34429d328f98775c05ee84b4c5044d2b9Inkpad Notepad and To Do List version 4.3.61 suffers from a denial of service vulnerability.
5b3b0aa84bc77cbfacf517ac6e92e295787ed507cef6a0de79ab3b18878dfddfMy Notes Safe version 5.3 suffers from a denial of service vulnerability.
4ec508800f9451d8b48faa427a3e6ea5bfe34c3b15536914486c655939a17b1cMacaron Notes Great Notebook version 5.5 suffers from a denial of service vulnerability.
31ccde6221360dbafc15dda8126d446f89e959a6e39be1cc7b545e20b88e775fColor Notes version 1.4 suffers from a denial of service vulnerability.
6c187927e73273cfa63bedef34adaca786cfd86afaaa86c9627987f9456d0d9bWhitepaper giving an overview of a remote code execution vulnerability that exists in CMS Made Simple version 2.2.13.
e8e543b0e7f3d1f441248d328301c18373431ac24f8ad36bc50bc9bebcac44d8Whitepaper giving an overview of a heap-based buffer overflow in sudo.
a3e0235d128111d0eec7f203028bcf0e94013d131d5f35034ead6f7a4c3fc3ec
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed