This archive contains all of the 170 exploits added to Packet Storm in March, 2022.
6bfa5ea340ba93d1eab5494d494509bb601607d56b218558b80524425948251e
Apple Security Advisory 2022-03-31-1 - iOS 15.4.1 and iPadOS 15.4.1 addresses code execution and out of bounds write vulnerabilities.
9ae2b5da95ff8d6c0595615ff2b6d1a454d32e644c97de390b1ff0e6119d7c85
Apple Security Advisory 2022-03-31-2 - macOS Monterey 12.3.1 addresses code execution, out of bounds read, and out of bounds write vulnerabilities.
b9a80f2423ee047562e675855fb77e8e541ddbeb9be931ee062b9739269afae4
Ubuntu Security Notice 5362-1 - Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
15aee9355fdfa4005c244c11432f609c7d439bd4c9e2bb1fc22da50bd8c0cbbd
Ubuntu Security Notice 5361-1 - It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service. Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets.
c315b3f99c654dc04603839d125f1fe9f0159f30ff823c00d323d0852627c9cf
Ubuntu Security Notice 5358-2 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
deb96a91064bc099ffeb478760619b25afdd94938095305f77e0c05f82dce7cd
Ubuntu Security Notice 5357-2 - It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
0aabbd9946e659cf2c4321c896bba914c6207878dafb832b3409067c2847771f
Ubuntu Security Notice 5360-1 - It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly use this issue to intercept sensitive information. It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service.
3436d55d788ad60834f3280cd7d2491a02f126d834178f1f7bb6700121442cf9
WordPress Uleak Security Dashboard plugin version 1.2.3 suffers from a cross site scripting vulnerability.
0fdb6aa94c702076155898419bd6a1e2a1ac21094f5bba9733abc38551a56754