exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2022-11-18

Red Hat Security Advisory 2022-7874-01
Posted Nov 18, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-45485, CVE-2021-45486, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-2588, CVE-2022-26945, CVE-2022-30321, CVE-2022-30322
SHA-256 | 85e6274c67ee28e8ecf094f45e514c4c3e9eeadc0ca46dce10845a5ae0bac975
Red Hat Security Advisory 2022-7865-01
Posted Nov 18, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7865-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.41. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-36881
SHA-256 | 6f1f37e153b326b2fd8d49dcf1ba5599e4d6106034999e2c31a809b0fa14f6f0
Ubuntu Security Notice USN-5686-2
Posted Nov 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5686-2 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM. Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to cause a crash or arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2022-39260
SHA-256 | 7c55176af95c8d316fd0b090742e85481704c14d13826cce6e070cdc7d1c71f0
Debian Security Advisory 5285-1
Posted Nov 18, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

tags | advisory, overflow, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2021-37706, CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2021-46837, CVE-2022-21722, CVE-2022-21723, CVE-2022-23608, CVE-2022-24763, CVE-2022-24764
SHA-256 | 5954aa3a6292b16c124f88a5565b25ffb1de65f24ab2438dbac72d360d3842cd
Ubuntu Security Notice USN-5732-1
Posted Nov 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5732-1 - It was discovered that Unbound incorrectly handled delegations with a large number of non-responsive nameservers. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-3204
SHA-256 | d5a84972ef23fdec7088587f3b3731521f203ef1328c2d358dc3fd732874a924
Debian Security Advisory 5284-1
Posted Nov 18, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5284-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
SHA-256 | 38e1e821f6402a69957dafce0462e7fa54982b8d1a7e196da83411f864a07c98
Red Hat Security Advisory 2022-8524-01
Posted Nov 18, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8524-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.0 replaces Data Grid 8.3.1 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.0 in the Release Notes[3]. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-0235, CVE-2022-23647, CVE-2022-24823, CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752
SHA-256 | bf83175af6bd8f86227a3df154656e0d2511b3653027b8064dd712094546c645
Red Hat Security Advisory 2022-8532-01
Posted Nov 18, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8532-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2022-24790
SHA-256 | f99ca7ea9ed243473d6fbea7af48141d48e50c717dd4fa1cb777903b4b37e19e
Ubuntu Security Notice USN-5638-2
Posted Nov 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5638-2 - USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-40674
SHA-256 | 0d692189046a0e9373724b41008cffba2f050fa2dc5520bfce444df5a9c035b3
Ubuntu Security Notice USN-5730-1
Posted Nov 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5730-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2022-32888, CVE-2022-42824
SHA-256 | 82f654d00686895db438b4366f58202c68cffce2c89495df58f2794e67d2ca38
Ubuntu Security Notice USN-5731-1
Posted Nov 18, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-41973, CVE-2022-41974
SHA-256 | 9624ae8fb4d6e0770272c04b66838bae629e7de815fff8a5dfa0edc820f31a3a
PatrIoT: Practical And Agile Threat Research For IoT
Posted Nov 18, 2022
Authored by Emre Suren, Robert Lagerstrom, Fredrik Heiding, Johannes Olegard | Site doi.org

PatrIoT provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. The proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.

tags | paper
SHA-256 | 7ef04fa8b69b383da473db2f732cbb05957268406e540aab12aa566dc3408119
AppleAVD AppleAVDUserClient::decodeFrameFig Memory Corruption
Posted Nov 18, 2022
Authored by Google Security Research, natashenka

In the function AppleAVDUserClient::decodeFrameFig, a location in the decoder's IOSurface input buffer is calculated, and then bzero is called on it. The size of this IOSurface's allocation is controllable by the userspace caller, so the calculated pointer can go out of bounds, leading to memory corruption. This issue could potentially allow an unprivileged local application to escalate its privileges to the kernel.

tags | exploit, kernel, local
advisories | CVE-2022-32907
SHA-256 | a9f971c8dcec3381b92b6bafb61fc99c1b1da326eec460ede2682c51580f3f3e
AppleAVD deallocateKernelMemoryInternal Missing Surface Lock
Posted Nov 18, 2022
Authored by Google Security Research, natashenka

In AppleAVD.kext, pixel buffers are mapped by calling AppleAVDUserClient::_mapPixelBuffer, which eventually calls AppleAVD::allocateKernelMemoryInternal. If the buffer is an IOSurface, the function calls IOSurface::deviceLockSurface before allocating memory by calling prepare. But when a pixel buffer is unmapped by calling AppleAVDUserClient::_unmapPixelBuffer, which calls AppleAVD::deallocateKernelMemoryInternal, the IOSurface is not locked before calling complete. This means that mapping and unmapping can occur at the same time, leading to kernel memory corruption. This bug could allow escalation to kernel privileges from a local app.

tags | exploit, kernel, local
advisories | CVE-2022-32827
SHA-256 | fa06dd34c9fcfaf9f03c6a70c7fd7fc078ff6872d40e76e3295731e58256ce8a
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close