MikroTik version 6.40.5 kernel failure denial of service proof of concept exploit.
36f04caad4ac752ccca12cdf6117122b6b2396e310fadba93409a4509e2e9900GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
c798a7e04fde047c322b64ac87b10d9b44c887327564be6cd62b5df1eadfa98cMikroTik RouterBoard versions 6.39.2 and 6.40.5 DNS daemon denial of service proof of concept exploit.
88579439a2df3b04166fc4daa7d8edd3fdfa180e542fd56d1bc866fa43c3cc2aLibraw version 0.8.15 suffers from a denial of service vulnerability.
edc5e60b75f274544b8c6f864088d7b512ec89fc5de9e0bcb020100658a95905Debian Linux Security Advisory 4058-1 - Two vulnerabilities were discovered in optipng, an advanced PNG optimizer, which may result in denial of service or the execution of arbitrary code if a malformed file is processed.
b84c1a921adc41bca979394f25eb0fe5dae0ff87622f79d61a9e6db554e19f04Ubuntu Security Notice 3512-1 - David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote attacker could possibly use this issue to recover private keys.
a103b944d6f8a85749386afed57846e8edac57db3a95092b4bd3128777b3642fDebian Linux Security Advisory 4062-1 - It discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.
79e6fa33d72f31becbc7e2b10a9a236b19e8b03007426e94a8f3eb202b023bb9Debian Linux Security Advisory 4061-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
172c96f61e24947755622149176d0f25a172d4a0fd3c02dbb07f0f536eae4917Debian Linux Security Advisory 4060-1 - It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code.
baafb717d0e7867222f1233524c5fb4ed9a64ec234e5fccf38d9a6b0efdc6e24Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
df944e02ba3ab7e2c344e82703dedcc6aaf7c147044b9875407518d20e3be9a5FreeBSD Security Advisory - Invoking SSL_read()/SSL_write() while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. Various other issues were addressed.
bb3377d0fb3c1fc7d239e5446ade3da5c43af286b662042e0a558c54cd6d4ed5Debian Linux Security Advisory 4059-1 - It was discovered that libXcursor, a X cursor management library, is prone to several heap overflows when parsing malicious files. An attacker can take advantage of these flaws for arbitrary code execution, if a user is tricked into processing a specially crafted cursor file.
d7f9c24a8f07ce16763dcc954b7a6eb8900a35b776185c65a1fe94d1cc86b6b8macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules.
4314c9b3d4d919fbf8280f16f7d8de49f26550f782ad1c352b5a319dee587e69macOS suffers from a getrusage stack leak through struct padding.
f3c771e820e8f87d811a6417706be697870406b209dca5dce3bea7c2d48f9b1fmacOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes.
f2be6f0616271669be7061d78a7fed3616c67d1ae20bdb5246c68bbfa933e85dThe XNU kernel suffers from a memory corruption vulnerability due to an integer overflow in the __offsetof usage in posix_spawn on 32-bit platforms.
f7fc095e9ffc9005294cb0c5bdf1bae20905714fe9a1dccd5bb6d3e940f2bfd2macOS / iOS suffer from multiple kernel use-after-free vulnerabilities due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient.
752bf8adfa42c1db21266f6817c3ff5c3ef4a4a157ab2fbb3882400fdc6fb035The macOS kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleIntelCapriController::GetLinkConfig.
e6906ea2b28432c3baf84f42363204bf8884dc823824bf02ba0d05aa103772e9macOS and iOS suffer from a kernel double free due to incorrect API usage in flow divert socket option handling.
0b5dfcc9863d0ed99660566f6392ccc4d9189ce7b6334fa7a00773db58a29596There is a XNU kernel memory disclosure flaw caused by a bug in the kernel API for detecting kernel memory disclosures. No, this isn't a failure at writing a description.
ba49fa13feb0b9639612d9036d4af3a7b5d132687f6e588b7a54efb2a037d8edLibTIFF pal2rgb version 4.0.9 suffers from a heap buffer overflow.
486b62b720ef8bb312f7496bf8a372d21b851c675d409d0e2494af78258a9e14Vanguard version 1.4 suffers from a remote SQL injection vulnerability.
4050fec86a07adc592c7299c588258f048bb826ca44a9118b6b5d7e1c39c9aabVanguard version 1.4 suffers from an arbitrary file upload vulnerability.
340dcf9e419ddec18c2ead2d41f2f2870ca3b82d0257efbb0a965d52e1d7ac79Basic Job Site Script version 2.0.5 suffers from a remote SQL injection vulnerability.
80baebb95e71ada1236a0c5b4a4a879d1d4f4d10da4e949b4df84ab9d4df3611Resume Clone Script version 2.0.5 suffers from a remote SQL injection vulnerability.
09e74ed1d5a067ee3ab3e2d475220b792c9359caa75c7655ae5b43dd269b0137
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed