Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
17333748eb6ab56a11a7027eba925e82f58b2d38176ac24b6fa3354b41993fe3Ubuntu Security Notice 6942-1 - It was discovered that Gross incorrectly handled memory when composing log entries. An attacker could possibly use this issue to cause Gross to crash, resulting in a denial of service, or possibly execute arbitrary code.
feb2f237b27e68ffb24d8a4d362b5ae5b9244219d8230adee41aad3672240643Ubuntu Security Notice 6943-1 - It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS
f0aa0eff0ede3e5e3704517eb7ba3f99160da85aee66c59e0606b7a0e59f71b9This archive contains all of the 105 exploits added to Packet Storm in July, 2024.
ed3100062dccd204225c57e2bfca387cb694af9154705c4edf36706d394e8ec8This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease Software, a product of Horizon Business Services Inc. These vulnerabilities have significant implications for the confidentiality, integrity, and availability of the software and the sensitive data it handles. The issues include problems like remote SQL injection, command injection, authentication bypass, hard-coded credentials, and more.
922dd24931dfc780dbe72f5070222b4450361d9b42c8b9a975582549453b4573Tourism Management System version 2.0 suffers from a cross site scripting vulnerability.
6a6ea6ff0446e61f5a321b7cbbcd79e00b45d07a8609be34e9aff3443d2f5e5eComputer Laboratory Management System version 1.0 suffers from an incorrect access control that allows for privilege escalation.
3993bf953169c9693309f12504dc8d422d5a33116865a83135e3a0dd9befb630Ubuntu Security Notice 6909-2 - USN-6909-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 18.04 LTS. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
06bca4f6d5a9f305cf07f48c14000e2250516db86891e6a4647f465a1667e725Leads Manager Tool suffers from remote SQL injection and cross site scripting vulnerabilities.
a5f2822b36f3d9ad0225477aba58244bbd90f789258b7d465e98eee2442d617dUbuntu Security Notice 6926-2 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.
2d46229c1bb410100a951de8431f990f91bf51ba7ec8b3772ca11b05a1a2247cReadymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024.
6516c67721502532af286b998f1bd2aa37ea2c5c4806a9a0fa77479cd3a3c623Appointment Scheduler version 3.0 suffers from an insecure direct object reference vulnerability.
704b395184ea72d2a89e336b4e3419816c72acc8e4b5bccaec26769e25c2ce41AccPack Cop version 1.0 suffers from a cross site request forgery vulnerability.
9019bcc0149f6bd585eeb57145abd8d8ab36247d7e4f551459497d7ef6a6c872AccPack Buzz version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a0f0238eba0d8231f30c544ad475ae53ca1f9efe7a95b25bbeb3893d8d8820f7Red Hat Security Advisory 2024-4982-03 - OpenShift API for Data Protection 1.3.3 is now available. Issues addressed include a denial of service vulnerability.
bdee5d8d2f9300e30e73fe74fc77fba222bc8ea328b6e0f69b9b0f2734a25b32Red Hat Security Advisory 2024-4972-03 - An update is now available for Red Hat OpenShift GitOps v1.11.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
b669d81ead1b521de9129342ee8f759af9c0ba623d2ca9e2f6d53ea313086dc4Red Hat Security Advisory 2024-4971-03 - An update for emacs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
f1de96d6591f3909c0d57ad04f0394b3ee1208a3347f64f1c3fa870a239b6bf5Red Hat Security Advisory 2024-4970-03 - An update for kpatch-patch-4_18_0-305_120_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a privilege escalation vulnerability.
e7a7ea6c37568e12a8affdaecfbf64336db2ae323f5ad19decfaadb8877416bbRed Hat Security Advisory 2024-4943-03 - An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
4a7b9d6f819185f31ed0963404f3afe7d3e23a7aba486c2a4158fdec55d35ed4Red Hat Security Advisory 2024-4858-03 - Red Hat OpenShift Container Platform release 4.16.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include deserialization and memory exhaustion vulnerabilities.
da66ba87e3611e718278afe32ba1bd82bd699ddc5629604c55d6e2f3833d581fRed Hat Security Advisory 2024-4848-03 - Red Hat OpenShift Container Platform release 4.13.46 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include deserialization and memory exhaustion vulnerabilities.
6f24ef50626aee5ed0e8c53fbde0e004703bac6565f2bd36b37e21eafa21943cRed Hat Security Advisory 2024-4846-03 - Red Hat OpenShift Container Platform release 4.13.46 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
01bea6eac4eb94260d765efc65ca3722b8ea33a4372717f039dff980fcdb1123Ubuntu Security Notice 6922-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Chenyuan Yang discovered that the Unsorted Block Images flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service.
71b8947d41c138f27d222eb7302e5df7fb65a49f364bca58542817fdfba1fd3fUbuntu Security Notice 6936-1 - It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code.
915864c106ba1f20dec42a0e6d56fbfeba7b088c4b12b3f58c4bd561ac9b887bUbuntu Security Notice 6941-1 - It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private†or “globally reachableâ€. This could possibly result in applications applying incorrect security policies.
111b39ad42a74b48cc3d8cc88aad37bf6346b3ce048406d371b36951d2b5be53
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed