what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2022-01-24

Lynis Auditing Tool 3.0.7
Posted Jan 24, 2022
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added OS detection for RHEL 6 and Funtoo Linux and added service manager openrc. Added alias for MariaDB. Added Trend Micro malware agent. Allowed unknown number of spaces in modprobe blacklists. Support added for newer Ubuntu versions. Support added for Garuda Linux and arch-audit. Several improvements for busybox shell. Russian translation of Lynis extended. Various other updates.
tags | tool, scanner
systems | unix
SHA-256 | 52891674347a463ce0fbbf1225cdb61f83c5db412d1c101cb48aa5f88a29e77d
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution
Posted Jan 24, 2022
Authored by Spencer McIntyre, RageLtMan, Nicholas Anastasi | Site metasploit.com

The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the server application. This Metasploit module will start an LDAP server that the target will need to connect to.

tags | exploit, java
advisories | CVE-2021-44228
SHA-256 | 371aff703a1c6ed83abe19b12644a1663d1052646d88c385fcca8a64bc63db21
Logwatch 7.6
Posted Jan 24, 2022
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Fixed bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | 689f3c68b99ef7af7d3c7007c3ff0a55d5674bdbf9c01f69a9f187726d6d4baf
Botan C++ Crypto Algorithms Library 2.19.1
Posted Jan 24, 2022
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Fixed a compilation problem affecting macOS XCode. Fixed a build problem preventing amalgamation builds in 2.19.0.
tags | library
SHA-256 | e26e00cfefda64082afdd540d3c537924f645d6a674afed2cd171005deff5560
XNU Kernel mach_msg Use-After-Free
Posted Jan 24, 2022
Authored by Google Security Research, Ian Beer

The XNU kernel suffers from a use-after-free vulnerability in mach_msg.

tags | exploit, kernel
advisories | CVE-2021-30949
SHA-256 | 2f6301f083bee339053850c19d2a821eb5bf15e94079651382aba5531646e6f1
CVE-2021-44228 Log4Shell Overview
Posted Jan 24, 2022
Authored by Pankaj Jorwal, Neeraj Jayant, Shaifali Yadav

Whitepaper that gives exploitation and overview details on the Log4j vulnerability as noted in CVE-2021-44228.

tags | paper
advisories | CVE-2021-44228
SHA-256 | 1718bbf0d45e1ebf16dbdf6e329a8b2f32b620f142e69ae4db5a2403502ff6ac
Ubuntu Security Notice USN-5243-2
Posted Jan 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5243-2 - USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-45417
SHA-256 | 12b8a57423f596d419f639a96d32a12ebdfdfb7da1752d9b72a1df3a19b19a96
Red Hat Security Advisory 2022-0204-04
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0204-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
SHA-256 | 6111b47584e079b991691672c83a9bb1ec283d806d9882e1a06c6f3bc72726b2
Red Hat Security Advisory 2022-0232-02
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0232-02 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2021-4155, CVE-2022-0185
SHA-256 | 1021642cd93d107bd3c68e50bdb465f39863c1f58e9f9dd4d9463294024f05b0
Red Hat Security Advisory 2022-0211-04
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0211-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
SHA-256 | 4ce14f3eb438b226de3c60089a87af6d69792d0aed8fa73d3694231e01d43b56
Red Hat Security Advisory 2022-0185-03
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0185-03 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
SHA-256 | c65766993a3f6e45d1753c58150eb8ee04f8ced9690106f6de78b636d10b994f
Red Hat Security Advisory 2022-0233-02
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0233-02 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
SHA-256 | ad227589de97531242ae10f793cacc7c47be2a842ec93d7f68c55efb0747b4fa
Red Hat Security Advisory 2022-0209-02
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0209-02 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366
SHA-256 | 0bc29c42f81a12c840cf1d83967196697ae8bddb306a1f61560184bf89d6c492
Red Hat Security Advisory 2022-0231-03
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0231-03 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include heap overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4154, CVE-2021-4155, CVE-2022-0185
SHA-256 | 57770ee1c33dbd8dba6dacf04547cf9e17773b3c538fd57af340bf40ac1aa736
Ubuntu Security Notice USN-5244-1
Posted Jan 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5244-1 - Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-35512
SHA-256 | eb658d0fae205e9fb1cf3b939c4f2178257b0554ee56bdb3534db4af424f8a00
Red Hat Security Advisory 2022-0230-03
Posted Jan 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0230-03 - OpenShift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-27292, CVE-2021-44832
SHA-256 | 741b2c0ef0ede5f4a7576bac2fdb735f258391b34069033c7131ec21ab7a60a4
Ubuntu Security Notice USN-5248-1
Posted Jan 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5248-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2021-29981, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38502, CVE-2021-38503, CVE-2021-38504, CVE-2021-38508, CVE-2021-38509, CVE-2021-4126, CVE-2021-43528, CVE-2021-43536, CVE-2021-43537, CVE-2021-43541, CVE-2021-43542, CVE-2021-43656, CVE-2021-44538, CVE-2022-22737, CVE-2022-22740, CVE-2022-22741, CVE-2022-22745, CVE-2022-22747
SHA-256 | ee94116ff4e4b3081cc98a796565452f32b9979d45115195dba7be2d4510ee9a
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close