exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 334 RSS Feed

Files Date: 2022-08-01 to 2022-08-31

Ubuntu Security Notice USN-5588-1
Posted Aug 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5588-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-2588
SHA-256 | c8138f69a8c06e65b975af0240dae6a5cb69db9fbed200da3133b6094fe228f2
Ubuntu Security Notice USN-5572-2
Posted Aug 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5572-2 - Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information. Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-26365, CVE-2022-33740, CVE-2022-33741
SHA-256 | 819d4e70c8a85bb39a298c0e1b33e7cb57b7b32f8fc42a08ecacc83c7413ff95
Zeek 5.0.1
Posted Aug 30, 2022
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed potential overflow in modbus analyzer's bytestring_to_coils. Reset packet cap_len before returning from IP::AnalyzePacket. Swap DNS EDNS field order to match script-land type. Added some sanity checking to BadARPEvent method. Checks for valid ip_hdr length before trying to make a Val out of it. Updated broker submodule to 2.3.2 release tag. Various additional updates since the last release.
tags | tool, intrusion detection
systems | unix
SHA-256 | 3cd43ae446200e7e59a89a9bf8190d964f3198e517f5d4be9cc1daba67ba0b81
Ubuntu Security Notice USN-5585-1
Posted Aug 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5585-1 - It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. It was discovered that Jupyter Notebook incorrectly handled certain SVG documents. An attacker could possibly use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 18.04 LTS.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2018-19351, CVE-2018-21030, CVE-2019-10255
SHA-256 | 296f6e1f06cfb5264aea277d82f968896ead13963bf24d393b0bf2029eeac7cd
Red Hat Security Advisory 2022-6206-01
Posted Aug 30, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6206-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-2526
SHA-256 | 4477831c0a5ae6ceb89a728d88f7b92c5b239b30c993cc9ded0f6ee362b00bbb
Linux unmap_mapping_range() Race Condition
Posted Aug 30, 2022
Authored by Jann Horn, Google Security Research

For VM_PFNMAP VMAs, there is a race between unmap_mapping_range() and munmap() that can lead to a page being freed by a device driver while the page still has stale TLB entries.

tags | advisory
SHA-256 | 0c343119926cb622181935b2b8688c9dde2b0e898e81a4a44edd9820611241df
Ubuntu Security Notice USN-5583-1
Posted Aug 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5583-1 - It was discovered that systemd incorrectly handled certain DNS requests, which leads to user-after-free vulnerability. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-2526
SHA-256 | 293792542a9b77636a5533629b2bce3011b7a3fccbac1bc971f18f82dcd3eefa
Ubuntu Security Notice USN-5586-1
Posted Aug 30, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5586-1 - It was discovered that SDL incorrectly handled memory. An attacker could potentially use this issue to cause a denial of service or other unexpected behavior.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-34568
SHA-256 | 74d7023abf8fd55dd30fdf1a48cdb649dc88bf002dadfe6cae4452932a1a2fb2
Linux KVM Instruction Emulation Issue
Posted Aug 30, 2022
Authored by Jann Horn, Google Security Research

KVM instruction emulation can run while KVM_VCPU_PREEMPTED is set, which can lead other vcpus to skip sending TLB flush IPIs. As a consequence, KVM instruction emulation can access memory through stale translations when the guest kernel thinks it has flushed all cached translations. This could potentially be used by unprivileged userspace inside a guest to compromise the guest kernel.

tags | exploit, kernel
SHA-256 | 16fd49b64aee26c8f9a9ad6cb4265e74537f37bede65109a50798f82ac77833b
Kernel Live Patch Security Notice LSN-0089-1
Posted Aug 30, 2022
Authored by Benjamin M. Romer

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. Various other vulnerabilities were also discovered.

tags | advisory, kernel, vulnerability
systems | linux, osx
advisories | CVE-2022-1966, CVE-2022-1972, CVE-2022-21499, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-29581, CVE-2022-34918
SHA-256 | 05867268c3cb4a38f1e83386efef57668577cf6a6daf5f223e85f17b2010f8e2
Ubuntu Security Notice USN-5584-1
Posted Aug 29, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5584-1 - It was discovered that Schroot incorrectly handled certain Schroot names. An attacker could possibly use this issue to break schroot's internal state causing a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2022-2787
SHA-256 | a085a291d3bdbe1fdf919c2645df24cbb46222f28afb0ee7cb2d21a03cd241dd
AeroCMS 0.0.1 SQL Injection
Posted Aug 29, 2022
Authored by nu11secur1ty

AeroCMS version 0.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6ad6e0c3d5d0d42b2784f9f7f7a8d4b0d53123b46c7de609a3173db9ed01f80a
Debian Security Advisory 5197-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5197-1 - Multiple security vulnerabilities have been discovered in cURL, an URL transfer library. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2021-22898, CVE-2021-22924, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207
SHA-256 | 77ef9f5619851e18009af5092abdfe753f0a668e45b9771f079b64a5b7aa8eca
Debian Security Advisory 5198-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5198-1 - Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver.

tags | advisory, java, vulnerability
systems | linux, debian
advisories | CVE-2022-2047, CVE-2022-2048
SHA-256 | 695ca96adf954f70e5f429b0b2053ea842089a7370f0f1ebf74fc33cb60a823f
Debian Security Advisory 5199-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5199-1 - Jan-Niklas Sohn discovered that multiple input validation failures in the Xkb extension of the X.org X server may result in privilege escalation if the X server is running privileged.

tags | advisory
systems | linux, debian
advisories | CVE-2022-2319, CVE-2022-2320
SHA-256 | b3b294395295b66ffccc26bc429578ddddf1ade98b67b031259e15d8fb2008c0
Debian Security Advisory 5200-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5200-1 - It was discovered that libtirpc, a transport-independent RPC library, does not properly handle idle TCP connections. A remote attacker can take advantage of this flaw to cause a denial of service.

tags | advisory, remote, denial of service, tcp
systems | linux, debian
advisories | CVE-2021-46828
SHA-256 | 38ada30e05468c4fd73f4fe688a57bcf62aef2973f92e0c34641313f31d4fc1f
Debian Security Advisory 5201-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5201-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2022-2603, CVE-2022-2604, CVE-2022-2605, CVE-2022-2606, CVE-2022-2607, CVE-2022-2608, CVE-2022-2609, CVE-2022-2610, CVE-2022-2611, CVE-2022-2612, CVE-2022-2613, CVE-2022-2614, CVE-2022-2615, CVE-2022-2616
SHA-256 | a27e4d376369abe925a9538cc82bba061f3b0944979834a297e3d979bd273d9e
Debian Security Advisory 5202-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5202-1 - Sandipan Roy discovered two vulnerabilities in InfoZIP's unzip program, a de-archiver for .zip files, which could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2022-0529, CVE-2022-0530
SHA-256 | 36556aef4d8ee1ea1bca8e75235ed57c9ee83212074eb61d50252bb122797595
Debian Security Advisory 5203-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5203-1 - Jaak Ristioja discovered a double-free vulnerability in GnuTLS, a library implementing the TLS and SSL protocols, during verification of pkcs7 signatures. A remote attacker can take advantage of this flaw to cause an application using the GnuTLS library to crash (denial of service), or potentially, to execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, debian
advisories | CVE-2022-2509
SHA-256 | c038aaae2edb6a92b44350b0af52c6b5fe0b18727cac7c7ac4c1435373e68b57
Debian Security Advisory 5204-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5204-1 - Adam Doupe discovered multiple vulnerabilities in the Gstreamer plugins to demux Mastroska and AVI files which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122
SHA-256 | b555cdccfe1de5cbb4b4bbecdeba81f5ea861bdfa4844dfb17d59142aedddaab
Debian Security Advisory 5205-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5205-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.

tags | advisory, vulnerability
systems | linux, unix, debian
advisories | CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746
SHA-256 | 38c8b3ebb22a1e66f47eff731274a021a8d73de61f0bbd2b2282753d67ee31e9
Debian Security Advisory 5206-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5206-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling, cache poisoning or information disclosure.

tags | advisory, web, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2021-37150, CVE-2022-25763, CVE-2022-28129, CVE-2022-31778, CVE-2022-31779, CVE-2022-31780
SHA-256 | 360f2d39b410c071cd8f7de51bc39704e2140bcc7d3c4795e6882565c3d01c09
Debian Security Advisory 5207-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5207-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901, CVE-2022-36879, CVE-2022-36946
SHA-256 | a834fc5673ea42539aceee3099b521390b2bb10a60b230031ba7bb0a98087e77
Debian Security Advisory 5208-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5208-1 - Michael Catanzaro discovered a buffer overflow in the Epiphany web browser.

tags | advisory, web, overflow
systems | linux, debian
advisories | CVE-2022-29536
SHA-256 | d23341ebf5472198b1a93f4fd586704dacaf0011c8c3ad4ad28172856421aae2
Debian Security Advisory 5209-1
Posted Aug 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5209-1 - Yu Zhang and Nanyu Zhong discovered several vulnerabilities in net-snmp, a suite of Simple Network Management Protocol applications, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability, protocol
systems | linux, debian
advisories | CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810
SHA-256 | 9d5a758e9f384092d74475c755963922f216382b3dcfaa96caae55b56f367106
Page 1 of 14
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close