what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2022-05-24

Red Hat Security Advisory 2022-4721-01
Posted May 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4721-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0492
SHA-256 | f9883ad9e6150312c7d527e96bb91bb7ce44824d08863a8198dceed0db83ab06
Ubuntu Security Notice USN-5439-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5439-1 - Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2022-1804
SHA-256 | 1ba0fe6423f2322fb60ea715427b119088fa6ff3ecaa64132a2f82d29d96f2c1
Ubuntu Security Notice USN-5440-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5440-1 - Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1552
SHA-256 | afb7ac8dfa18021533dd1fe40974a4cd36cb7516b0d83f7e79b332743aa4ed7d
Ubuntu Security Notice USN-5438-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5438-1 - It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTML file, a remote attacker could possibly use this issue to cause HTMLDOC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23165
SHA-256 | 542453ced915ebb7602fcd08f1d0bbe3e3d2bc6543e84431afac96174abfa1a1
Ubuntu Security Notice USN-5437-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5437-1 - Tobias Stoeckmann discovered that libXfixes incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7944
SHA-256 | 28b2613b268b5b81a61688ca5923bfc41d7ddbec6de35cfcc7df9010f9b66488
I2P 1.8.0
Posted May 24, 2022
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | 525f2ad3267f130b81296b3dd24102fdcf2adf098d54272da4e1be4abd87df04
Ubuntu Security Notice USN-5436-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5436-1 - Tobias Stoeckmann discovered that libXrender incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7949
SHA-256 | a68c328472176a9f2ce8d1148dfe8b7097f7b70356d0bf7472a3922ab24f6102
Online Fire Reporting System 1.0 SQL Injection
Posted May 24, 2022
Authored by nu11secur1ty

Online Fire Reporting System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b1c3fcc5f6290ffd9b90335d1c772770c479498cbb069b16a94b8cc5ac381565
Red Hat Security Advisory 2022-4717-01
Posted May 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4717-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0492
SHA-256 | 2702dee3e48d7005b19141b7d3fdd594630111f42423104e4165fc167a60f8c0
Ubuntu Security Notice USN-5434-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5434-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1520, CVE-2022-29909, CVE-2022-29914, CVE-2022-29916
SHA-256 | 237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affe
Ubuntu Security Notice USN-5435-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5435-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass permission prompts, obtain sensitive information, bypass security restrictions, cause user confusion, or execute arbitrary code. It was discovered that Thunderbird would show the wrong security status after viewing an attached message that is signed or encrypted. An attacker could potentially exploit this by tricking the user into trusting the authenticity of a message.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-1520, CVE-2022-29909, CVE-2022-29914, CVE-2022-29916
SHA-256 | 237c5eb4eb47add7437e7b310f6d5827e420d60072cbc15d8576433f3ae3affe
Deliverance 0.018-daf9452 File Descriptor Fuzzer
Posted May 24, 2022
Authored by Marshall Whittaker | Site github.com

Deliverance is a file descriptor fuzzer written in bash. It injects random data into file descriptors of pids associated with a process until the program crashes, then outputs the results of what caused the crash. It leaves behind files that were used as input for the last 2 minutes before the fault, useful for reproduction.

tags | tool, bash, fuzzer
SHA-256 | b2d5c61d25c3596775232700731b3c52f39be5ff2131841bfe8f930ed516e6e3
Red Hat Security Advisory 2022-4722-01
Posted May 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4722-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-24070
SHA-256 | 6b4f58a2af0980c8b72c69fb6b72f48a811e77f61b19f7175bd3f6c8cac99b00
Ubuntu Security Notice USN-5434-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5434-1 - It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context.

tags | advisory, javascript
systems | linux, ubuntu
advisories | CVE-2022-1529
SHA-256 | 5c1a6337e78a42d03169f0ba88e8c5ab3edef10a831fc2af55998839be62848f
Ubuntu Security Notice USN-5433-1
Posted May 24, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5433-1 - It was discovered that Vim incorrectly handled parsing of filenames in its search functionality. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges.

tags | advisory, denial of service, code execution
systems | linux, ubuntu
advisories | CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069, CVE-2021-4192, CVE-2022-1154
SHA-256 | 8b8300d57f240b901a3f654950e0c539f204e144869f668c8135608a5cde9f4f
Red Hat Security Advisory 2022-4699-01
Posted May 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4699-01 - The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2022-29599
SHA-256 | 3398978f8c32415ee9443ab2197b63a37808ca5ed5f997fae73573d5b75dff6d
CLink Office 2.0 SQL Injection
Posted May 24, 2022
Authored by Stephen Tsoi, Erwin Chan

CLink Office version 2.0 anti-spam management console suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9676058a709b31daa10982fa1a10ec1523f7cda27a0244b0cd46de826a9d9647
TP-Link Backup Decryption Utility
Posted May 24, 2022
Authored by ret5et | Site github.com

This is a small tool written to help decrypt encrypted TP-Link backups.

tags | tool
systems | unix
SHA-256 | 6dfd1b159b4562812a1078e17fd4ac9732d0d63aa702172f555e54c1cfb902a8
Zoom XMPP Stanza Smuggling Remote Code Execution
Posted May 24, 2022
Authored by Ivan Fratric, Google Security Research

This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit, however some or all parts of the chain are likely applicable to other platforms.

tags | exploit, arbitrary, code execution, protocol
systems | windows
advisories | CVE-2022-22787, CVE-2022-25236
SHA-256 | c5835f3651ef4f351fdd27038787c6bd633712398f3562132cf3224e2a0a5e16
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close