
Files Date: 2022-05-26

Ubuntu Security Notice USN-5402-2
Posted May 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-1292, CVE-2022-1473
SHA-256 | 38897d1c35ed3fd17bf48d11add588afe226f3e13ae49956791b9fd6a4337cd4
Ubuntu Security Notice USN-5447-1
Posted May 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5447-1 - It was discovered that logrotate incorrectly handled the state file. A local attacker could possibly use this issue to keep a lock on the state file and cause logrotate to stop working, leading to a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2022-1348
SHA-256 | c8fa0bf04cc683831e5b871b990f973f32f66e7c6c7f8c7dfdad1c29f02b9ed1
Red Hat Security Advisory 2022-2272-01
Posted May 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2272-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.41.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2022-1271, CVE-2022-1677, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
SHA-256 | 84ca00dbb31ccb4ee7b3bbb601de474d49f9a2f8fa6bb9ae09965d08d9fadfc6
Tigase XMPP Server Stanza Smuggling
Posted May 26, 2022
Authored by Ivan Fratric, Google Security Research

Tigase XMPP server suffers from a security vulnerability due to not escaping the double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server).

tags | exploit, arbitrary
SHA-256 | 80c339179764f04e39876070e482957638cbcf822ccdb04b5cc72ea035585e1e
ChromeOS usbguard Bypass
Posted May 26, 2022
Authored by Jann Horn, Google Security Research

ChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues.

tags | exploit
SHA-256 | 686e2d50596cc3cee3dd66e0fc5f2a715094be5a79c099a547c49d3457af1129
Exploiting Persistent XSS And Unsanitized Injection Vectors For Layer 2 Bypass And COOLHANDLUKE Protocol Creation
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

This whitepaper demonstrates leveraging cross site scripting and polyglot exploitation in an exploit called COOLHANDLUKE to violate network segmentation / layer 2 VLAN policies while routing and sending a file between isolated, air gapped networks without a router. This issue affects HPE Procurve, Aruba Networks, Cisco, Dell, and Netgear products.

tags | paper, protocol, xss
systems | cisco
SHA-256 | 1ec58f30e8a0a21c51d095c930eb3fc00827e2d07118a62f2dd3d6f7154a73ce
Exploiting Persistent XSS And Unsanitized Injection Vectors For DIRECTIVEFOUR Protocol Creation / IP Router-Less Tunneling
Posted May 26, 2022
Authored by Ken Pyle | Site cybir.com

In this whitepaper, the author demonstrates that abusing persistent cross site scripting and polyglot payloads can allow for robust protocol creation similar to COOLHANDLUKE, allowing an attacker to exfiltrate, encapsulate, and tunnel their malicious traffic between IPv4 and IPv6 networks without a router. The author calls the technique and protocol "DIRECTIVEFOUR". This issue affects Cisco SMB and Sx Series switches.

tags | paper, protocol, xss
SHA-256 | 4b5d4d8cfa4b802b87cad15d22893764dd635937e23e58bc76e7fa4673c00370
Ubuntu Security Notice USN-5446-1
Posted May 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5446-1 - Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-1664
SHA-256 | 8ba864d61f0193bbfb97226d88f416c5673aba3d68a202bdfbf7fac70e91909c
Red Hat Security Advisory 2022-2268-01
Posted May 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2268-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.51.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2022-1271, CVE-2022-1677
SHA-256 | 3b79aaab5ac43018a945a949d075f948a88528a199ffc70eccebc9b5e71865a6
qdPM 9.1 Remote Code Execution
Posted May 26, 2022
Authored by Rishal Dwivedi, Leon Trappett, RedHatAugust

qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.

tags | exploit, remote, code execution
advisories | CVE-2020-7246
SHA-256 | 3232c57ac453b2620e024f66156e77f94a31f69956a38912a194df206d7de228
Ubuntu Security Notice USN-5445-1
Posted May 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5445-1 - Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Tomas Bortoli discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-11782, CVE-2019-0203, CVE-2020-17525
SHA-256 | c99bfd8642d47931efcc9e47a22f2772a79bf4aba985bd65311c0c0f49f18485
Red Hat Security Advisory 2022-4745-01
Posted May 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4745-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-23959
SHA-256 | 58d597f2565832d15f200862f2ebb948370ce75a2926c0ef8097adb341296358

© 2024 Packet Storm. All rights reserved.
