what you don't know can hurt you
Showing 1 - 25 of 29 RSS Feed

Files Date: 2022-01-20

Red Hat Security Advisory 2022-0205-02
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0205-02 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
MD5 | 249310a3218eabb14ac8f96341cf02fb
OpenSCAP Libraries 1.3.6
Posted Jan 20, 2022
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: New features include the ability to select and exclude groups of rules on the command line, boot-time remediation service for systemd's Offline Update mode, memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable, allowing disablement of SHA-1 and MD5, allowing providing pre-downloaded components, and introducing the OSBuild Blueprint fix type. About a dozen bug fixes were also applied.
tags | protocol, library
systems | unix
MD5 | 24d35d70c2a9dbf5f323d7f8ab822d72
Grandstream GXV3175 Unauthenticated Command Execution
Posted Jan 20, 2022
Authored by Brendan Coles, alhazred, Brendan Scarvell | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Grandstream GXV3175 IP multimedia phones. The settimezone action does not validate input in the timezone parameter allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authentication to be bypassed by providing an alphanumeric cookie 93 characters in length. This module was tested successfully on Grandstream GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19.

tags | exploit, overflow, arbitrary
advisories | CVE-2019-10655
MD5 | d0714d342ba12f124e7b2588f1b2bde6
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
Posted Jan 20, 2022
Authored by Spencer McIntyre, RageLtMan, jbaines-r7, w3bd3vil | Site metasploit.com

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector.

tags | exploit, java, root
systems | linux, windows
advisories | CVE-2021-44228
MD5 | 32d2d28bcb4dba8e71d1328de3ecb778
GRAudit Grep Auditing Tool 3.3
Posted Jan 20, 2022
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Fixed false positive rate in compressed js files. More secret rules. Restructured and updated classic asp rules. Updated fruit rules. Updated SQL, spsqli, ruby, android, java, and dotnet rules. Fixed greedyness in perl super global rules. Improved test case. Bug fixes for dotnet and sql rulesets. Added test case for bad quantifiers in rules. Changed test cases for consistency and portability. Rule set for auditing SCA exclusions. Updated ampscript rules. Added .github/ files for sponsorship/issues/pull requests.
tags | tool
systems | unix
MD5 | 659bcfdab993470cf5159ac02b3c2382
Botan C++ Crypto Algorithms Library 2.19.0
Posted Jan 20, 2022
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Added a forward error correction code compatible with the zfec library. Improved Emscripten build. Made change to always use -L before build flags. Fixed compilation issue on earlier macOS versions. Added a GCC 4.8 CI target to prevent build regressions. Added support for Loongarch64. Added a check of the OSXSAVE flag before using AVX2 instructions.
tags | library
MD5 | e8eb598d834b6494ac238650dd27a8e4
AIDE 0.17.4
Posted Jan 20, 2022
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fix to prealculate buffer size in base64 functions.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2021-45417
MD5 | adac3bc719b923d49059edb992eb95c9
Kernel Live Patch Security Notice LSN-0084-1
Posted Jan 20, 2022
Authored by Benjamin M. Romer

William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2022-0185
MD5 | c224d619a9fa948f9601161c030b8863
Red Hat Security Advisory 2022-0083-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0083-03 - This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
MD5 | 8115225413fb52dab5125a938bf14b53
Red Hat Security Advisory 2022-0216-06
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0216-06 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
MD5 | 4dfd66103fcec17ec4133287d128702e
Ubuntu Security Notice USN-5243-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5243-1 - David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-45417
MD5 | 117feff16eb2b51d386d616ea166234d
Ubuntu Security Notice USN-5242-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5242-1 - It was discovered that Open vSwitch incorrectly handled certain fragmented packets. A remote attacker could possibly use this issue to cause Open vSwitch to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3905
MD5 | 0e7c9660da726d2a887ee1c3b4bc8737
Ubuntu Security Notice USN-5021-2
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5021-2 - USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-22898, CVE-2021-22925
MD5 | a7ae191b99d25c327ddbb608d3fc2059
Red Hat Security Advisory 2022-0203-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0203-03 - The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
MD5 | f8cf326403466dc2f8a13e4486c28735
Red Hat Security Advisory 2022-0202-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0202-04 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-4658, CVE-2018-20845, CVE-2018-20847, CVE-2018-25009, CVE-2018-25010, CVE-2018-25012, CVE-2018-25013, CVE-2018-25014, CVE-2018-5727, CVE-2018-5785, CVE-2019-12973, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-10001, CVE-2020-12762, CVE-2020-13435, CVE-2020-13558, CVE-2020-14145, CVE-2020-14155, CVE-2020-15389, CVE-2020-16135
MD5 | a2c6170ec7ef0ffe6acbcce9e0c81942
Red Hat Security Advisory 2022-0191-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0191-03 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.2 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-42574, CVE-2021-43527
MD5 | 47ce79c4c131f6c66d702d494119aef6
Red Hat Security Advisory 2022-0199-02
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0199-02 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-23094
MD5 | 5ca07c32aff4c74e5d27d892ba305e0c
Ubuntu Security Notice USN-5241-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5241-1 - It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19869
MD5 | 43b058a26738d3b6497e455c57a0de19
Ubuntu Security Notice USN-5240-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5240-1 - William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-0185
MD5 | 6091dd663f500cf9a14590659a45e997
Red Hat Security Advisory 2022-0190-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0190-04 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-21290
MD5 | 30d3e8f093e17aa77b19f0c703d1b8a7
Red Hat Security Advisory 2022-0188-07
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0188-07 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2021-4155, CVE-2022-0185
MD5 | 9f91363df89636f977d7ec9755368e02
Red Hat Security Advisory 2022-0114-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0114-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.41.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-39241, CVE-2021-40346
MD5 | 275a1cc6067f3e727a0e7c035868d73c
Red Hat Security Advisory 2022-0186-07
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0186-07 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include heap overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4154, CVE-2021-4155, CVE-2022-0185
MD5 | e0eb112a753d6ef3f22146b159fde383
Red Hat Security Advisory 2022-0187-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0187-04 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include heap overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4154, CVE-2021-4155, CVE-2022-0185
MD5 | 015043f6fb8121a618a17b8b0ec788a3
Ransomware Builder Babuk Insecure Permissions
Posted Jan 20, 2022
Authored by malvuln | Site malvuln.com

Ransomware Builder Babuk malware suffers from an insecure permissions vulnerability.

tags | exploit
MD5 | a0cd8289685e1605dfafad9ad4ee310e
Page 1 of 2
Back12Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    24 Files
  • 28
    Jan 28th
    14 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close