
Files Date: 2022-06-03

NVIDIA Data Center GPU Manager Remote Memory Corruption
Posted Jun 3, 2022
Authored by Jeremy Brown

NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopback interface, but can also listen on the network for requests coming in on port 5555 (remote management). A native client named DCGMI allows users to make requests to the daemon to support a variety of functions. Malformed packets can cause the daemon (running as root or as a user account) to crash or potentially result in code execution. Versions less than 2.3.5 are affected.

tags | exploit, remote, root, code execution
advisories | CVE-2022-21820
SHA-256 | 2b77e249b980c3871a0f2ac4cb6decec29e1672c0858391ed0910b4b6867f9f3
Red Hat Security Advisory 2022-1166-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1166-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.47.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-0567
SHA-256 | 4781d3645cbc8e39080e6ba70a5d46eed3154b00cf45a72aa851d87243f58b8d
Ubuntu Security Notice USN-5459-1
Posted Jun 3, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5459-1 - Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file system from within a container. An attacker inside a container could possibly use this issue to obtain access to sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, shell, local
systems | linux, ubuntu
advisories | CVE-2020-14342, CVE-2021-20208, CVE-2022-27239, CVE-2022-29869
SHA-256 | 2742ad8c53c8d4078d2663f3a6a291fda0c5b7a8aaddb41246e402f6bb7d11f1
Real Player 20.1.0.312 / 20.0.3.317 DLL Hijacking
Posted Jun 3, 2022
Authored by Eduardo Braun Prado | Site github.com

The Player application and the Recording Manager of Real Player versions 20.1.0.312 and 20.0.3.317 are prone to a remote DLL hijack (binary planting) issue because of an unsafe search for non-existent DLLs. To exploit the issue attackers would have to convince the target to open a media file from a WebDAV or SMB share. Update - It has been noted that as of April 17, 2023, version 22.0.2.306 is also affected by this issue.

tags | exploit, remote
systems | windows
SHA-256 | cdec3264c1dfb6072227ec32f752253561a495967fe39b8f043c7c2b09f4d8af
Red Hat Security Advisory 2022-4582-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4582-01 - The gzip packages contain the gzip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1271
SHA-256 | 84877d2a5f679446f55a9c0af90d0f47f7abb9166f85ecf7068eae932494ffd2
Red Hat Security Advisory 2022-4592-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4592-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032
SHA-256 | 1a8fda914f1ba8c637e0e1175acbbe46320983900a93001339e61a2015842d84
IIPImage Remote Memory Corruption
Posted Jun 3, 2022
Authored by Jeremy Brown

IIPImage is distributed with a server that enables advanced, high-performance image manipulation for web-based streaming and viewing of high resolution images. The server component, called iipsrv.fcgi, processes requests from users and passes them to command handlers. Several crashes, including an integer overflow, were discovered by sending malformed requests to the server. They allow remote users without authentication to perform denial-of-service attacks, and requests could potentially be crafted for remote code execution as the server's running user. Versions at least up to 1.1 may be affected.

tags | exploit, remote, web, overflow, code execution
SHA-256 | 469b8801bf0145e552808075cd1f841e7ae3b8e88fcdd656bd6e310c9da61211
Red Hat Security Advisory 2022-4584-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4584-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032
SHA-256 | 0ca7be63bc7dfee1664e95728016a8948a6e0cd28f7eb3aec4c0ebc12f0fe6de
Red Hat Security Advisory 2022-1728-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1728-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
SHA-256 | 4d1ce9aa3a05fe4a0664fabdd0bca0f6688ee5555af36cc04157b2e0a15a6923
Telesquare SDT-CW3B1 1.1.0 Command Injection
Posted Jun 3, 2022
Authored by Bryan Leong

Telesquare SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

tags | exploit
advisories | CVE-2021-46422
SHA-256 | a7a13abc7ddc96458bd5e13bac1569c00b2cd6494d8505f0f1a842bbdc267f3d
Kernel Live Patch Security Notice LSN-0086-1
Posted Jun 3, 2022
Authored by Benjamin M. Romer

It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2021-39713, CVE-2022-0492, CVE-2022-1055, CVE-2022-1116, CVE-2022-21499, CVE-2022-29581, CVE-2022-30594
SHA-256 | d764344ffd074691e5125e0c7ecb9972329d587b004cdad9acfe1fafabfb0253
Red Hat Security Advisory 2022-1729-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1729-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
SHA-256 | 193acfb8fd4a848662512e967b82bcb4369a13a63c6386e7f82b7dc4abadb38d
Red Hat Security Advisory 2022-4590-1
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4590-1 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.9.0 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | 7d03737a1820f3fda0e1f92f7f1e70ecd0071e3480d13eadc0e84ce0193c21d3
SolarView Compact 6.00 Directory Traversal
Posted Jun 3, 2022
Authored by Ahmed Alroky

SolarView Compact version 6.00 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2022-29298
SHA-256 | 76fa7594e9d56713a54e10432aeac724bc02a1a6c903e3b19cb19936c489db0c
Red Hat Security Advisory 2022-4588-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4588-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
SHA-256 | e1971d19e1665c5518102e6ba41c086c25ba5a18576970a4ff15806c40e1cdef
Red Hat Security Advisory 2022-4671-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4671-01 - Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-41617, CVE-2021-4189, CVE-2022-24904, CVE-2022-24905, CVE-2022-29165
SHA-256 | 1a7182c8803733e24a2f52a38dc6173bf272d5ad45772e1226fe7c4a018efefe
Contao 4.13.2 Cross Site Scripting
Posted Jun 3, 2022
Authored by Chetanya Sharma

Contao version 4.13.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-1588
SHA-256 | cbeb52749747855a33060c38e2a10c586234817500d89d2df6b71170e15b85db
Red Hat Security Advisory 2022-1357-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1357-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.10.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-0778, CVE-2022-24769
SHA-256 | 4e4d7ceb3b56ff0b8fc58649892f8952cbdc01cec56f79428da5f4f3ed1d5329
Red Hat Security Advisory 2022-2137-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2137-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
SHA-256 | 6e12e9b954be71803de8280fc582e6801e9f95bd2e766aa4364eaa868190f341
Red Hat Security Advisory 2022-4589-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4589-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.0. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-1520, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
SHA-256 | f7449c533eb9b6f9a1d5c7aa7709c8c394e15845f28460d977ac0fc4e6946567
Microweber CMS 1.2.15 Account Takeover
Posted Jun 3, 2022
Authored by Manojkumar J

Microweber CMS versions 1.2.15 and below suffer from an account takeover vulnerability.

tags | exploit
advisories | CVE-2022-1631
SHA-256 | da340f0ec0c7e46dc45436e251b5043c011efd12d2267699a2481f566153855e
Red Hat Security Advisory 2022-0737-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0737-01 - This release of Red Hat build of Eclipse Vert.x 4.2.5 GA includes security updates. For more information, see the release notes listed in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-38153
SHA-256 | 0cca4ab2a246aa9e78ce1fd5ccbf4a51719e1522a959ac6707c944e5814984d8
Red Hat Security Advisory 2022-4591-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4591-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-24070
SHA-256 | 9443b15903cc760b9ad6b48ab093e178cca1f32c647cb545848b0223c0e8f7da
Red Hat Security Advisory 2022-4587-01
Posted Jun 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4587-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-29970
SHA-256 | 81eaaacbd7c62647d2d67700ebf8ae77158590eb7124e0b2709c13bba28eaadb
Zyxel USG FLEX 5.21 Command Injection
Posted Jun 3, 2022
Authored by Valentin Lobstein

Zyxel USG FLEX version 5.21 suffers from a command injection vulnerability.

tags | exploit
advisories | CVE-2022-30525
SHA-256 | d241a3c90061a120559caf280f0fe2fd049d9b836481bf51a1841e3861dfdf0a
© 2022 Packet Storm. All rights reserved.
