Debian Linux Security Advisory 5505-1 - Matteo Memelli reported an out-of-bounds read flaw when parsing CDP addresses in lldpd, an implementation of the IEEE 802.1ab (LLDP) protocol. A remote attacker can take advantage of this flaw to cause a denial of service via a specially crafted CDP PDU packet.
968647edfdcc762ed146b80da0326a38d5db6635bcef790a259543fa19ea5a33Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
96ea054bae525badb374d98587cec8d2b3dd499b91821aeb493bd143cbc27f43WatchGuard Firebox Web Update Unpacker is a small utility for extracting file system images from sysa-dl update files. The unpacker has been tested on firmware for the M400 and M500 series.
1ff788e9f72e2d22db50eb39b4947e9449f4f5d2fa1b7376e688722ed6fcb12dRoyalTSX version 6.0.1 suffers from an RTSZ file handling heap memory corruption vulnerability. The application receives SIGABRT after the RAPortCheck.createNWConnection() function is handling the SecureGatewayHost object in the RoyalTSXNativeUI. When the hostname has an array of around 1600 bytes and the Test Connection is clicked the application crashes instantly.
6bddf02ee202f21877203f81e88ca57213713fa9fe71c747db9f8b293f536b4aOPNsense versions 23.1.11_1, 23.7.3, and 23.7.4 suffer from cross site scripting vulnerabilities that can allow for privilege escalation.
76e4fc1b6aee4986d4bbb70760bae717204a144677ec04e5e69cc9e4ca014975Debian Linux Security Advisory 5504-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
d08a45f75291405aa2fc709f550a23b9901e1dce097ebf1ca545a9a498d0dbd8Apple Security Advisory 2023-09-21-7 - macOS Monterey 12.7 addresses a privilege escalation vulnerability.
8ce806831c23799edfe51f75038820626c202835f3e8eab8dc7178462f887bccGlobal Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
35256f0fc9b7a99eeb830d321b5976dc55f4abafc463b09e57965f8a55be4200GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
56029e78a99c04d52b1358094ae5074e4cd8ea9b98cf6855f57ad9af27ac9518Apple Security Advisory 2023-09-21-6 - macOS Ventura 13.6 addresses bypass vulnerabilities.
38b6bdfc2c02e42e0dce4d0ecec7c16ebbb17b092bf7f5132dbe7b5849c9930eApple Security Advisory 2023-09-21-5 - watchOS 9.6.3 addresses bypass vulnerabilities.
5c5ee93b16e3c6712507d2ff6e5b7ed5829e719c8075068f4f94a53f4484563aUbuntu Security Notice 6190-2 - USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code.
f440d8dc0f9ffb116adb040e10ecf34cedf3dcac2a8b62dbdd04bc7e53b2c517Ubuntu Security Notice 6365-2 - USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.
e021010be0de73a4f28b80b4129ed427ea5f99b587b311842f8a521eb0fe74f4Whitepaper called Cybersecurity in Industry 4.0 and Smart Manufacturing: The Rise of Security in the Age of IoT, IIoT, ICS, and SCADA. This article examines Industry 4.0's relationship with the rapidly developing technologies Internet of Things (IoT), Industrial Internet of Things (IIoT), Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) and why cyber security is important in these areas.
0458410365974be314b620bd7944a4541658322fd5a9cee88134e46a6317b29bApple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.
5711a5ee98a1f4a97a803777178be3e4188589740ade0cf56b4a3c7e7dd8cdc2LogoBee CMS version 0.2 suffers from a cross site scripting vulnerability.
c2ead32c5cb5f5d010966c9529b1024ec709d62421149c9904c0751f97329087Lamano LMS version 0.1 suffers from an ignored default credential vulnerability.
1211a4d26c19dfb4f055d2493981d0ec9270c990f56c26cfafa09b3466428519Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.
f449601a62ebbbd144305ef4452d57a5c40a3de57572f6f193ea28a6a3b9c199Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.
f23503e52b808d43f23c89a857eaf734ab1d7444e01c12625db6d60309d2ad5eApple Security Advisory 2023-09-21-1 - Safari 16.6.1 addresses a code execution vulnerability.
766524a7cd017ff0881465c9f9c8e4ddd7862131dbd353efe01b6bc192483827Ubuntu Security Notice 6394-1 - It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
5e2657b51ce71bc1d6b8b0ec757dad995dd0b33e1ab6d102daa7f5cf3f0ac2b4Ubuntu Security Notice 6395-1 - Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information.
3f816a9930d178217a7288389d3b4673afe6c4eeaa9d4782303571213ae3bce4Red Hat Security Advisory 2023-5337-01 - A security update for Camel K 1.10.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a bypass vulnerability.
ed7d5fe5d54a7396edfe589c00895db4b961bfec17d84304ef91eb9aeef28577Elasticsearch version 8.5.3 stack overflow proof of concept exploit.
3ea73849caae7368d08d81cb21e393baddfab08e0fc2108b64083363b66bb17aBDS Freebsd KLD rootkit for FreeBSD 13 that hides files, hides processes, hides ports, and has a bind shell backdoor.
9f6dc7f9bcc4c0f52a39a3c80657272125ec54dc594b44cc36889b2ff724d07c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed