
Files Date: 2022-04-01 to 2022-04-30

TOR Virtual Network Tunneling Tool 0.4.7.7
Posted Apr 29, 2022
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is the first stable version of the 0.4.7.x series. This series includes several major bugfixes from previous series and one massive new feature: congestion control.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 3e131158b52b9435d7e43d1c47ef288b96d005342cc44b8c950bb403851a5b44
Red Hat Security Advisory 2022-1645-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1645-01 - Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat servers, mail servers and more. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web, protocol, python
systems | linux, redhat
advisories | CVE-2022-24801
SHA-256 | 18a104826aa895a03c52b3bcd258ce538f2ba0cb7eb0dbcd17064e049546f4ce
Red Hat Security Advisory 2022-1644-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1644-01 - XML-RPC is a remote procedure call protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Issues addressed include a code execution vulnerability.

tags | advisory, remote, web, code execution, protocol
systems | linux, redhat
advisories | CVE-2022-25235
SHA-256 | 6411512a574d6fff515bffc7e82e7304682cd0252c57acb85779335db74418bb
Red Hat Security Advisory 2022-1492-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1492-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements.

tags | advisory, java
systems | linux, redhat, windows
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
SHA-256 | 176b22ef2e4a7464f94cfcc6a473c1ff8f66a4898a1c34dd2a6e7686e46e1201
Red Hat Security Advisory 2022-1643-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1643-01 - XML-RPC is a remote procedure call protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Issues addressed include a code execution vulnerability.

tags | advisory, remote, web, code execution, protocol
systems | linux, redhat
advisories | CVE-2022-25235
SHA-256 | f8d15676020a9ab3d565cd4406a7e5da73416bf14c9546ee5307f620eab24745
Red Hat Security Advisory 2022-1436-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1436-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
SHA-256 | 3986d0719fae03fa5e12b7c9a78343c416ad00d7ab7087afe97da082bb00891c
Red Hat Security Advisory 2022-1437-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1437-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
SHA-256 | a37d6ee2d94e6ffeb2dfaf615e8f70bf826b0aa11c5ee38db6c1df49a2675d2a
Red Hat Security Advisory 2022-1439-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1439-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements.

tags | advisory, java
systems | linux, redhat, windows
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
SHA-256 | 38a965fd734360eace55cf2867365beaa7bcab78d71852c360e571fecfe22e31
Red Hat Security Advisory 2022-1438-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1438-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
SHA-256 | 7ed6ff4be918dc939749458267e67ab1584a4600e50a9020f89afd0497cfc0da
Red Hat Security Advisory 2022-1435-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1435-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
SHA-256 | 3ac438c6b696748f3015d5f6c27f95d5761501c00b4ed6d60fc0809930b94768
Ubuntu Security Notice USN-5398-1
Posted Apr 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5398-1 - It was discovered that SDL incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-33657
SHA-256 | 3571a05cc6fea4b3cdfbe433376a74587e5e82c23ce719228ddb6ebc5b1fc1f4
Ubuntu Security Notice USN-5397-1
Posted Apr 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5397-1 - Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-22576
SHA-256 | 53851df01d62721e9d564fbb5d3eb81f5d20ca59ef93990346f84c0d51c146a8
Ubuntu Security Notice USN-5396-1
Posted Apr 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5396-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-25059
SHA-256 | ba9f02a4fe127647dcb933eb9c41141be35bbc4887d09a553038bbefb8c515be
Ubuntu Security Notice USN-5395-1
Posted Apr 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5395-1 - It was discovered that networkd-dispatcher incorrectly handled internal scripts. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2022-29799
SHA-256 | 65dadbe1b1bda50c817b1115dc9f8909ba4f026e9baebc60a86b39b24cc68b5f
Red Hat Security Advisory 2022-1642-01
Posted Apr 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1642-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032
SHA-256 | af271ed60ca20c6132ed2d97a05597ae8b646552f6a973ccada5a2a04eb0d336
nullcon Goa 2022 Call For Papers
Posted Apr 28, 2022
Site nullcon.net

The Call For Papers for nullcon Goa 2022 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place September 9th through the 10th, 2022. This conference was originally planned for March but was moved due to the pandemic.

tags | paper, conference
SHA-256 | 39c60f1efe6870f2afbfec3ec20a66a476febcd39809fcf597f4f887ff64ea08
Ubuntu Security Notice USN-5392-1
Posted Apr 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5392-1 - It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Mutt incorrectly handled certain input. An attacker could possibly use this issue to cause a crash, or expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-32055, CVE-2022-1328
SHA-256 | 1ba4c79fde835ce103d1c0270c637879d9c0520b1e234e8654f3f73d155c0b2e
Ubuntu Security Notice USN-5394-1
Posted Apr 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5394-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-22624
SHA-256 | 4d28ba4ec65abbd647ce541d3f35e56b233b7e97e1369456b0e2db59766b5636
Ubuntu Security Notice USN-5371-2
Posted Apr 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5371-2 - USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-11724, CVE-2020-36309, CVE-2021-3618
SHA-256 | 0312d8395edc75623bc232eb22c356f06f0f1ab5ad2bd86ce88f5fc4a29fe7c0
Ubuntu Security Notice USN-5393-1
Posted Apr 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5393-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct spoofing attacks, or execute arbitrary code. It was discovered that Thunderbird ignored OpenPGP revocation when importing a revoked key in some circumstances. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message or tricking them into using a revoked key to send an encrypted message.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-28281, CVE-2022-28282, CVE-2022-28286, CVE-2022-28289
SHA-256 | dfe0d7843af6c686d2aef7aa4091bcfac518f6bb06c09227a82b7e7c49217bbf
Home Clean Service System 1.0 SQL Injection
Posted Apr 28, 2022
Authored by nu11secur1ty

Home Clean Service System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 713a953a97cc2b254906ef14b96aecd818ac74f87d3c6e66fe86d43c4f287826
Redis Lua Sandbox Escape
Posted Apr 27, 2022
Authored by Reginaldo Silva, jbaines-r7 | Site metasploit.com

This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On a typical Redis deployment (not Docker), this module achieves execution as the redis user. Debian/Ubuntu packages run Redis using systemd with the "MemoryDenyWriteExecute" permission, which limits some of what an attacker can do. For example, staged meterpreter will fail when attempting to use mprotect. As such, stageless meterpreter is the preferred payload. Redis can be configured with or without authentication. This module will work with either configuration (provided you supply the correct authentication details). This vulnerability could theoretically be exploited across a few architectures: i386, arm, ppc, etc. However, the module only supports x86_64, which is likely to be the most popular version.

tags | exploit, arbitrary, ppc
systems | linux, debian, ubuntu
advisories | CVE-2022-0543
SHA-256 | 25990c6dc1f07a86ea2e834b9c66c011d9af3d483f0592ec3011de6f791bfa0a
Zepp 6.1.4-play User Account Enumeration
Posted Apr 27, 2022
Authored by Karima Hebbal | Site trovent.io

Zepp version 6.1.4-play suffers from a user account enumeration flaw in the password reset function.

tags | exploit
SHA-256 | dd2dc79c277146022bd841a6e3457f872018f219fbac2d90f8f9b9a7a5da6c35
Ubuntu Security Notice USN-5391-1
Posted Apr 27, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5391-1 - Nicolas Iooss discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libsepol incorrectly handled memory when handling policies. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087
SHA-256 | 2b9f7839558bf9b6e3a4ce82cbaf448f90f226607ae4646b89d7394b329a6c7b
nfstream 6.5.1
Posted Apr 27, 2022
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Fix for broken pypi Linux wheels.
tags | tool, python
systems | unix
SHA-256 | 11018a20c5c4a8ffe5475a7ea057d506b57d4c3b931d8a2018a96c1341de0d95
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close