This archive contains all of the 159 exploits added to Packet Storm in February, 2022.
c5a335ca98f983dd4a352b4d6bcfb1d53435b53de1f0eaa23926a056e7ae3e20This Metasploit modules exploits CVE-2020-26950, a use-after-free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construct primitives. The shellcode is forced into executable memory via the JIT compiler, and executed by writing to the JIT region pointer. This exploit does not contain a sandbox escape, so firefox must be run with the MOZ_DISABLE_CONTENT_SANDBOX environment variable set, in order for the shellcode to run successfully. This vulnerability affects Firefox versions prior to 82.0.3, Firefox ESR versions prior to 78.4.1, and Thunderbird versions prior to 78.4.2, however only Firefox versions up to 79 are supported as a target. Additional work may be needed to support other versions such as Firefox 82.0.1.
c5497acbfe1516edccf2f8747d261489391c42dfa92ad82028efc92b075df944Red Hat Security Advisory 2022-0687-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
2d3f8766f4f08c404e5c5f3eabe6435b0dbdde93b6a4a7e79ad278062cd70ff5Red Hat Security Advisory 2022-0655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.23. Issues addressed include a memory exhaustion vulnerability.
3e043d2935f40660cdd00df903b9330458addc092fa78100d8433379125b23a7Red Hat Security Advisory 2022-0708-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
f83547ba4736bf0787d355efe1d9f8bfeb8c4feba15c83208f06fc61783cd7d3Ubuntu Security Notice 5309-1 - It was discovered that virglrenderer incorrectly handled memory. An attacker inside a guest could use this issue to cause virglrenderer to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that virglrenderer incorrectly initialized memory. An attacker inside a guest could possibly use this issue to obtain sensitive host information.
ab9f417bca8301a1ebf7d28154f0b01717304bdddbffd6ad6764daabe360354aRufus version 3.17.1846 suffers from a dll hijacking vulnerability for both the executable and portable executable versions.
42fcbedb2c79d9033d0335150d18fd779bd19602a3a66fa43470c1ec1778e164
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed