Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
52891674347a463ce0fbbf1225cdb61f83c5db412d1c101cb48aa5f88a29e77dThe Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the server application. This Metasploit module will start an LDAP server that the target will need to connect to.
371aff703a1c6ed83abe19b12644a1663d1052646d88c385fcca8a64bc63db21Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
689f3c68b99ef7af7d3c7007c3ff0a55d5674bdbf9c01f69a9f187726d6d4bafBotan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
e26e00cfefda64082afdd540d3c537924f645d6a674afed2cd171005deff5560The XNU kernel suffers from a use-after-free vulnerability in mach_msg.
2f6301f083bee339053850c19d2a821eb5bf15e94079651382aba5531646e6f1Whitepaper that gives exploitation and overview details on the Log4j vulnerability as noted in CVE-2021-44228.
1718bbf0d45e1ebf16dbdf6e329a8b2f32b620f142e69ae4db5a2403502ff6acUbuntu Security Notice 5243-2 - USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.
12b8a57423f596d419f639a96d32a12ebdfdfb7da1752d9b72a1df3a19b19a96Red Hat Security Advisory 2022-0204-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
6111b47584e079b991691672c83a9bb1ec283d806d9882e1a06c6f3bc72726b2Red Hat Security Advisory 2022-0232-02 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.
1021642cd93d107bd3c68e50bdb465f39863c1f58e9f9dd4d9463294024f05b0Red Hat Security Advisory 2022-0211-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
4ce14f3eb438b226de3c60089a87af6d69792d0aed8fa73d3694231e01d43b56Red Hat Security Advisory 2022-0185-03 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
c65766993a3f6e45d1753c58150eb8ee04f8ced9690106f6de78b636d10b994fRed Hat Security Advisory 2022-0233-02 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
ad227589de97531242ae10f793cacc7c47be2a842ec93d7f68c55efb0747b4faRed Hat Security Advisory 2022-0209-02 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
0bc29c42f81a12c840cf1d83967196697ae8bddb306a1f61560184bf89d6c492Red Hat Security Advisory 2022-0231-03 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include heap overflow and privilege escalation vulnerabilities.
57770ee1c33dbd8dba6dacf04547cf9e17773b3c538fd57af340bf40ac1aa736Ubuntu Security Notice 5244-1 - Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
eb658d0fae205e9fb1cf3b939c4f2178257b0554ee56bdb3534db4af424f8a00Red Hat Security Advisory 2022-0230-03 - OpenShift Logging Bug Fix Release. Issues addressed include code execution and denial of service vulnerabilities.
741b2c0ef0ede5f4a7576bac2fdb735f258391b34069033c7131ec21ab7a60a4Ubuntu Security Notice 5248-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code.
ee94116ff4e4b3081cc98a796565452f32b9979d45115195dba7be2d4510ee9a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed