what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2022-01-24

Lynis Auditing Tool 3.0.7
Posted Jan 24, 2022
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added OS detection for RHEL 6 and Funtoo Linux and added service manager openrc. Added alias for MariaDB. Added Trend Micro malware agent. Allowed unknown number of spaces in modprobe blacklists. Support added for newer Ubuntu versions. Support added for Garuda Linux and arch-audit. Several improvements for busybox shell. Russian translation of Lynis extended. Various other updates.
tags | tool, scanner
systems | unix
MD5 | 7a8780d062e643b7e42902d594d7ae06
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution
Posted Jan 24, 2022
Authored by Spencer McIntyre, RageLtMan, Nicholas Anastasi | Site metasploit.com

The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the server application. This Metasploit module will start an LDAP server that the target will need to connect to.

tags | exploit, java
advisories | CVE-2021-44228
MD5 | 64bcafaf188c9e4293e9ddab30c1387e
Logwatch 7.6
Posted Jan 24, 2022
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 815bf1ef835e9ac29c29cfe4deda56c2
Botan C++ Crypto Algorithms Library 2.19.1
Posted Jan 24, 2022
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed a compilation problem affecting macOS XCode. Fixed a build problem preventing amalgamation builds in 2.19.0.
tags | library
MD5 | 30a71dd700d69561483fb1599a13ea3b
XNU Kernel mach_msg Use-After-Free
Posted Jan 24, 2022
Authored by Google Security Research, ianbeer

The XNU kernel suffers from a use-after-free vulnerability in mach_msg.

tags | exploit, kernel
advisories | CVE-2021-30949
MD5 | eb1b8067af59bf13ac79b38151184bb3
CVE-2021-44228 Log4Shell Overview
Posted Jan 24, 2022
Authored by Pankaj Jorwal, Neeraj Jayant, Shaifali Yadav

Whitepaper that gives exploitation and overview details on the Log4j vulnerability as noted in CVE-2021-44228.

tags | paper
advisories | CVE-2021-44228
MD5 | d7bf2d7c8ec7165469d4c726036ddc4f
Ubuntu Security Notice USN-5243-2
Posted Jan 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5243-2 - USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-45417
MD5 | 6575860d3eea4bd9a6f3f9f321aa9551
Red Hat Security Advisory 2022-0204-04
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0204-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
MD5 | 29636d3dcb750647ac8e53db393f8ad7
Red Hat Security Advisory 2022-0232-02
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0232-02 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2021-4155, CVE-2022-0185
MD5 | a5f4b709e59a2ebbdcdefd726310b3ac
Red Hat Security Advisory 2022-0211-04
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0211-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
MD5 | 75bc5ea06b43bb1e9ec29e26d885bf63
Red Hat Security Advisory 2022-0185-03
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0185-03 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
MD5 | f5d68ecfa454812dd96220544ed3595e
Red Hat Security Advisory 2022-0233-02
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0233-02 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
MD5 | 0b8ae3cfa0028b7ab942aec5e40c3b89
Red Hat Security Advisory 2022-0209-02
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0209-02 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
MD5 | 40b0ec8233059e0ce5a0128dc8c37456
Red Hat Security Advisory 2022-0231-03
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0231-03 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include heap overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4154, CVE-2021-4155, CVE-2022-0185
MD5 | 7a516513ee7e28d8dcae074f65af40c9
Ubuntu Security Notice USN-5244-1
Posted Jan 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5244-1 - Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-35512
MD5 | 1e4cadffb5e13b7024c0063417db6f68
Red Hat Security Advisory 2022-0230-03
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0230-03 - OpenShift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-27292, CVE-2021-44832
MD5 | 084de22d14f5a65e1c9d63020c592e36
Ubuntu Security Notice USN-5248-1
Posted Jan 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5248-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-29981, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38502, CVE-2021-38503, CVE-2021-38504, CVE-2021-38508, CVE-2021-38509, CVE-2021-4126, CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43541, CVE-2021-43542, CVE-2021-43656, CVE-2021-44538, CVE-2022-22737, CVE-2022-22740, CVE-2022-22741, CVE-2022-22745, CVE-2022-22747
MD5 | 641674d1be412cfdbe6cab06bb9fd660
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    24 Files
  • 28
    Jan 28th
    14 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close