what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 78 RSS Feed

Files Date: 2024-01-26

Apple Security Advisory 01-22-2024-3
Posted Jan 26, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, ios
advisories | CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-42888, CVE-2023-42915, CVE-2023-42937, CVE-2024-23206, CVE-2024-23211, CVE-2024-23212, CVE-2024-23213, CVE-2024-23214, CVE-2024-23222
SHA-256 | f808342c47a19d49aca6649451e4d052f6ea01681c6945bc9ba9ef843c24277b
Apple Security Advisory 01-22-2024-2
Posted Jan 26, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, ios
advisories | CVE-2024-23203, CVE-2024-23204, CVE-2024-23206, CVE-2024-23207, CVE-2024-23208, CVE-2024-23210, CVE-2024-23211, CVE-2024-23212, CVE-2024-23213, CVE-2024-23214, CVE-2024-23215, CVE-2024-23217, CVE-2024-23218, CVE-2024-23219
SHA-256 | b07df46bbc49dc6256540afff75e6f47490aa51c8b41ac11c19d287b535dbba9
Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.

tags | exploit, php
advisories | CVE-2024-22903
SHA-256 | dc8db7a93b49f089a2c51bccac868cf579a7563c72b570b389665c44bbc72c33
Vinchin Backup And Recovery 7.2 Default Root Credentials
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability.

tags | exploit, root
advisories | CVE-2024-22902
SHA-256 | 143e6238373ef81a5ff8ac20adcd938850570b964ce2524cbda8409d063c34f6
Vinchin Backup And Recovery 7.2 Default MySQL Credentials
Posted Jan 26, 2024
Authored by Valentin Lobstein

A critical security issue has been discovered in Vinchin Backup and Recovery version 7.2. The software has been found to use default MYSQL credentials, which could lead to significant security risks.

tags | exploit
advisories | CVE-2024-22901
SHA-256 | 5cbb4901365c8c32a2383f8e2b3f381029f1d5fc24795a4103af00a458e5220b
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function.

tags | exploit
advisories | CVE-2024-22899
SHA-256 | 0242c4e4a374f9777179ac019e4dd5586b14c724b7f3ef5b41b8ad3c320ff6b3
Apple Security Advisory 01-22-2024-1
Posted Jan 26, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2024-23206, CVE-2024-23211, CVE-2024-23213, CVE-2024-23222
SHA-256 | 4fc580eabecac6cc0941c7dbb31dc0c9e9e26517ffed4f28575f33cf4039f0fa
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command
Posted Jan 26, 2024
Authored by David Gnedt | Site sba-research.org

CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.

tags | exploit, arbitrary, local
advisories | CVE-2020-36772
SHA-256 | 7cfae83fd5939609459b8ed98a7edecfd614eb3c5cd3373d9da412bc106b20d1
CloudLinux CageFS 7.1.1-1 Token Disclosure
Posted Jan 26, 2024
Authored by David Gnedt | Site sba-research.org

CloudLinux CageFS versions 7.1.1-1 and below pass the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.

tags | exploit, local, code execution
advisories | CVE-2020-36771
SHA-256 | 437f367ac50c53712ae264b28731e8929e461079e8ff05355b97f16fb6c32a55
Atlassian Confluence SSTI Injection
Posted Jan 26, 2024
Authored by Spencer McIntyre, Harsh Jaiswal, Rahul Maini | Site metasploit.com

This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.

tags | exploit, web
advisories | CVE-2023-22527
SHA-256 | 39194aa16a97418685a42e7cf82542a18f6236bb69aa758c9c1945fa2ea34f1e
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function.

tags | exploit
advisories | CVE-2024-22900
SHA-256 | 2407896a2dd181668f83b4a0636bae9fcbdf6fe55fccd57e7c2642e04f270ff5
Ubuntu Security Notice USN-6609-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6609-1 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 7817da0f85320897d02f798d322e3d70452b6ca00073b6296b4b4ddb3c2ca762
Ubuntu Security Notice USN-6608-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6608-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 53d012190f358505aba80f3efda1bdc41b32100cecfe3ea36a9fb9da7a26ed55
Ubuntu Security Notice USN-6607-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6607-1 - It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-5345, CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 129bf8e03fcff7ad53aea0dbb1617e402b728e93911e0d73e3c75fb0e9b25fd1
YahooPOPs 1.6 Denial Of Service
Posted Jan 26, 2024
Authored by Fernando Mengali

YahooPOPs version 1.6 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 449e12767e831eece79a8fae26beee6a73b9b0d9dc6530b98922775af27df060
Ubuntu Security Notice USN-6606-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6606-1 - It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-51779, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2024-0193
SHA-256 | 7b9d61bb626e469fa6a211001e9c00d7fdd18aa20f3fbf87c320c90b5853f103
Ubuntu Security Notice USN-6605-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6605-1 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6040, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | cdb12864a59aff826d39ce99319286459b3c2cc26a55968cce8994e8c4d8d20d
Ubuntu Security Notice USN-6604-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6604-1 - It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service. Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-1079, CVE-2023-20588, CVE-2023-45863, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | d17c6353365258970841d80fc94ccc64beed6a1122b15a1bc1be29121160ed39
Ubuntu Security Notice USN-6603-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6603-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | 9fe186eef0aa6e0a6c7c161754052e49f62293ba385d9ccd44897abc7326341d
Ubuntu Security Notice USN-6602-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6602-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-20588, CVE-2023-45863, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932
SHA-256 | e4ea46e063ed7320c58795d9803e3ac6d7fa5f331537b1801175adb5167bb09e
Ubuntu Security Notice USN-6601-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6601-1 - It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-6932
SHA-256 | cca79625b03d2bb1e94883b9d350917c326da4fe2ad588949119d92376aebd76
Ubuntu Security Notice USN-6600-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6600-1 - Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2022-47015
SHA-256 | 16c1095a14d9614f39b8bb44a170521da170553a595595a6e28eea3b61004115
Ubuntu Security Notice USN-6599-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6599-1 - Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that Jinja incorrectly handled certain HTML passed with xmlatter filter. An attacker could inject arbitrary HTML attributes keys and values potentially leading to XSS.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-28493, CVE-2024-22195
SHA-256 | c4598e532c545a8d7a06e60082eca74ab86406a361138570c7495e31b23944fd
Red Hat Security Advisory 2024-0530-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0530-03 - An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-4043
SHA-256 | 1f3ad6f77ab6b4d3afdfac0816f95a171bf65805aea9b756b7b663ee63c7d6a9
Red Hat Security Advisory 2024-0500-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0500-03 - An update for openssl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-5363
SHA-256 | 79ea5b662faf0d46f123482b6437eccc01739ac46cb2ae34fb71fc9700d2edbd
Page 1 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close