Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
1fa1703c34c1e615e7bcfa6d847c612795623e8bc52d36b15a8846c391362248If an incoming SIP message contains a malformed multi-part body an out-of-bounds read access may occur, which can result in undefined behavior. Note, it is currently uncertain if there is any externally exploitable vector within Asterisk for this issue, but they are providing this as a security issue out of caution.
97b8999a7c776bc25667d248af8128d9089bb735a74f21b5e8602a90fb5d57dcWhen acting as a UAC, and when placing an outgoing call to a target that then forks, Asterisk may experience undefined behavior after a dialog set is prematurely freed.
caf0098653c4aa078aff32dd6a697ddb405273dec27531e5365356d26193b7feApache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass th e IP restriction plugin.
75f7fd4db82a985948b400b9686ffc05f654d453b228621992abd5bb2505add2The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party.
b4d958ee6e32f6f622c4ae3b0cd99a1c00dcde4578e8d8eca299633634cfec4cUbuntu Security Notice 5313-1 - It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issue to cause a denial of service via a specially crafted TIFF file. Jonni Passki discovered that OpenJDK incorrectly verified access restrictions when performing URI resolution. An attacker could possibly use this issue to obtain sensitive information.
1eb3844ca9c50179160fb123966e80d10db7fef227b2a4d34bf4764270c8da5cAttendance and Payroll System version 1.0 suffers from a remote code execution vulnerability.
8a42198f8d9f6fd6fe6e469fc47f164936a51032c097a2a20bc1bf5061b3f2ceAttendance and Payroll System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
aa6fadd8eaf57ec93dc1be2d5d7cfdce4180181ba8cacd94f6f3b30ff8c409ebUbuntu Security Notice 5314-1 - A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. A use-after-free was discovered in the WebGPU IPC framework. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code.
b17ace89140e01d36a866b024e58e378d04c3ad3415a3f2cadbeede314fa29fbHasura GraphQL version 2.2.0 suffers from an information disclosure vulnerability.
d4c6e0949dc24e69b126808b4183027a77f8f87d802e545bb38e5a82e2127d9cSpring Cloud Gateway version 3.1.0 suffers from a remote code execution vulnerability.
f9d18c9ee39c9cd35731f202ab51b6291925e1c7ed9abc366f47ad1b7b4f8e6aUbuntu Security Notice 5310-2 - USN-5310-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
13edb425e5376cd1e6f7b1f1a7b3b981295f9b7415ac52782a50d019971b7e29part-db version 0.5.11 suffers from a remote code execution vulnerability.
9da1fe5035a4d2fb8ec1ee927834a5b61ea02aa1c8a8bb69218312c8d6380b5eUbuntu Security Notice 5300-3 - USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 21.10. It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.
79f9d135d4d4a7c56dc43a848d48ffdb653c44069b4fe34f8a66deeb9811750fLoki RAT (Relapse) malware suffers from a remote SQL injection vulnerability.
f360a43787cda78af10420bd09311081fb3ab92487cc4daa8023042cf53e285dPrivate Internet Access version 3.3 suffers from an unquoted service path vulnerability.
9081a47374b387e598e4cbbd836ec0da7d432399214647b3c5d18c596c676d55Loki RAT (Relapse) malware suffers from a directory traversal vulnerability that can allow for arbitrary file deletion.
38a488d34c1a55e75b041524dba4177192be0b57d121b016291e69e18322ccfbMatrimony version 1.0 suffers from a remote SQL injection vulnerability.
43cafb28d6bd33a0cf68341d6ed85a5dd169aae68cd8b07cd700ae100a2f30dcCloudflare WARP version 1.4 suffers from an unquoted service path vulnerability.
079838f302318e8947c18c041fb543995af82b994f8f7ba21f0084b0d928a9e4Malwarebytes version 4.5 suffers from an unquoted service path vulnerability.
5d3b338c6b63fa0e19f25fadaae3a0c56720448c0466a9380022704057d9075eFoxit PDF Reader version 11.0 suffers from an unquoted service path vulnerability.
e960ef66e4b747d6f9a4cfdcc7b0f2af4a177caa7d262118d388ef0e31b50512
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed