exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 568 RSS Feed

Files Date: 2023-08-01 to 2023-08-31

Red Hat Security Advisory 2023-4876-01
Posted Aug 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4876-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR8-FP10.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2023-22049
SHA-256 | b877e67552065a035618163f8863de7837741b00771da9b04a313a06a5ea5731
Red Hat Security Advisory 2023-4875-01
Posted Aug 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-2602, CVE-2023-2603, CVE-2023-26604, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-3027, CVE-2023-3089, CVE-2023-32681
SHA-256 | 4278174f93c1d772f4a823ea8170dcf6ceef2f9e3533e105e7415d7d54b22ead
Ubuntu Security Notice USN-6263-2
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6263-2 - USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193
SHA-256 | 06081ccdb3eddadabb6a4fa5e0132327183f58df6ae97e89790781710e41c2a2
Ubuntu Security Notice USN-6320-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6320-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory when the "UpdateRegExpStatics" attempted to access "initialStringHeap". An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4577, CVE-2023-4578, CVE-2023-4579, CVE-2023-4580, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
SHA-256 | 2c00e5233a4b95c7e2c687bc947a2caa809fd9c1dbecf3436ec032c47d968974
Ubuntu Security Notice USN-6319-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6319-1 - Daniƫl Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorized memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20569
SHA-256 | 264454acc791ce66bd42cd80239785d3fdb569855ceca09b508876ab59fbbefd
Ubuntu Security Notice USN-6317-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6317-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3611, CVE-2023-3776
SHA-256 | 2ab1773db38e41773a51a50a8bdd5c08ff8c82f1c244a11b339811982508b30b
Ubuntu Security Notice USN-6318-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6318-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | 1b7bbe8779efdf714318dc0d4a82b27e5611d839a9924800d8d0dbcd7ea7ca73
Ubuntu Security Notice USN-6316-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6316-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | c4c9a23e316d26047a6db3093dd14fc8354a59af890d65bbbcff901cc0546675
Red Hat Security Advisory 2023-4862-01
Posted Aug 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4862-01 - Multicluster Engine for Kubernetes 2.3.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-3089, CVE-2023-37466, CVE-2023-37903
SHA-256 | 1ad87a039f397614227155b1989a38c60138aca5a44c6cdd65dce6ec2cc435ba
Red Hat Security Advisory 2023-4864-01
Posted Aug 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4864-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat, unix
advisories | CVE-2023-32360
SHA-256 | 653dbf74b7d2724b55e1b0112009173349a2e7ec55dd8284357a354da8ddd9e6
Ubuntu Security Notice USN-6315-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6315-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015
SHA-256 | 873c4cefd57f45a1c8bc078ea3edde1dcdd2a6df91f90b68d4e4fd025a0371b4
Ubuntu Security Notice USN-6314-1
Posted Aug 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6314-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672, CVE-2022-4269, CVE-2023-0590, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2124, CVE-2023-2194, CVE-2023-28466, CVE-2023-30772, CVE-2023-3111
SHA-256 | c3c2f0678b85f5eaab86112f4b9c599f2b2244317cd1361e04c992ce485bc5c4
IQ-Medya CMS 2.0 Cross Site Scripting
Posted Aug 30, 2023
Authored by indoushka

IQ-Medya CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ab1e62fc2de79708c62ff8ba7205592a862ce474915df4ff25b9a691573bdc26
Apache NiFi H2 Connection String Remote Code Execution
Posted Aug 30, 2023
Authored by h00die, Matei Mal Badanoiu | Site metasploit.com

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells (5-7). Successfully tested against Apache nifi 1.17.0 through 1.21.0.

tags | exploit, shell, code execution
advisories | CVE-2023-34468
SHA-256 | 0160a2622a4649020abd8fb0d476ca59d2c4968c668499c8167e44d6c9276020
Juniper JunOS SRX / EX Remote Code Execution
Posted Aug 30, 2023
Authored by watchTowr Labs Team | Site github.com

A proof of concept exploit for chaining four CVEs to achieve remote code execution in Juniper JunOS within SRX and EX Series products.

tags | exploit, remote, code execution, proof of concept
systems | juniper
advisories | CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847
SHA-256 | ab0b70a7cc6a4a947d8faceced29674fb6ad7bf45e8a329120e642cb825e3c05
Ubuntu Security Notice USN-6313-1
Posted Aug 29, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6313-1 - It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that FAAD2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32272, CVE-2021-32276, CVE-2021-32277, CVE-2021-32278, CVE-2023-38857
SHA-256 | 46ccbdda6ac6dd1a7f5445fa68830938eed5d6c1e65d848ccb2e648474c2dffc
Red Hat Security Advisory 2023-4835-01
Posted Aug 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4835-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2023-3676, CVE-2023-3955
SHA-256 | 7d5fb7a904d0639e338b71274e76ed0da2872dc277b1ffefea5a9c601cec7d2f
Ubuntu Security Notice USN-6312-1
Posted Aug 29, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6312-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672, CVE-2022-4269, CVE-2023-0590, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2124, CVE-2023-2194, CVE-2023-28466, CVE-2023-30772, CVE-2023-3111
SHA-256 | 925705f14a84e7ecb29fa4649188f4da2792b062065b383661c4974e2d714a1f
Red Hat Security Advisory 2023-4828-01
Posted Aug 29, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4828-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2023-3090
SHA-256 | f9180b54333bfacb5bc7fb29b0a942965ea4bb74ff00da3b297826bbe6590d69
Grawlix 1.5.1 Cross Site Scripting
Posted Aug 29, 2023
Authored by nu11secur1ty

Grawlix version 1.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5dd35beba6ac582cc601ed4251101a93d1171a9e46150ab3b18106ee7ac0779c
Ubuntu Security Notice USN-6311-1
Posted Aug 29, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023-2124, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004, CVE-2023-28466
SHA-256 | 38951d5b718d49a0351a328ce7f776379eb4fae74bf9110977c3b729f3c0f8ac
Mozilla Firefox HSTS Enty Limit
Posted Aug 29, 2023
Authored by Konstantin

Mozilla Firefox only stores up to 1024 HSTS entries. When the limit is reached, Firefox discards entries based on their age and recent visits to the domain in question.

tags | advisory
SHA-256 | 28c30f393cb48239ab9dc658c1aff56b2651862c151910748a85b5596fc5ba67
Clam AntiVirus Toolkit 1.2.0
Posted Aug 29, 2023
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.

Changes: Added support for extracting Universal Disk Format (UDF) partitions. Added an option to customize the size of ClamAV's clean file cache. Introduced a SystemD timer for running Freshclam updates, without sending Freshclam into the background. Raised the MaxScanSize limit so the total amount of data scanned when scanning a file or archive may exceed 4 gigabytes. Added ability for Freshclam to use a client certificate PEM file and a private key PEM file for authentication to a private mirror. Various other updates.
tags | tool, virus
systems | unix
SHA-256 | 97a192dffe141480b56cabf1063d79a9fc55cd59203241fa41bfc7a98a548020
TOR Virtual Network Tunneling Tool 0.4.8.4
Posted Aug 29, 2023
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is the very first stable release of the 0.4.8.x series making Proof-of-Work and Conflux available to the entire network. 4 bug fixes and 4 features have been announced.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 09c1ce74a25fc3b48c81ff146cbd0dd538cbbb8fe4e2964fc2fb2b192f6a1d2b
Ubuntu Security Notice USN-6310-1
Posted Aug 29, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6310-1 - It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32292
SHA-256 | 404947ee73899788b15b378503f91f2b5b27f30e6ea8800069775646c884f14b
Page 1 of 23
Back12345Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close