Red Hat Security Advisory 2024-4718-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
468df0834dc99a2d3101a627940031c66ec49a267229c12b6169871636ace5daRed Hat Security Advisory 2024-4716-03 - An update for openssh is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
1ae4c0611972d7cbacf86e10dbee837eda7ff974919ea55126c29bd7332f6b4bRed Hat Security Advisory 2024-4333-03 - Moderate Logging for Red Hat OpenShift - 5.9.4.
42d0fc8c7f8777767a8549608bee20a6a8ade997b8e8aac0bb9198b75734eaaaPerten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.
92c6be9a95dec36f75c305fd1ec54275736478e25459c036cab67f945826b0f2Ubuntu Security Notice 6905-1 - It was discovered that Rack incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
f1fb99c460c408c54600bfb86185879ad2833e7b4ce66083ea2f2adece4c2d2bUbuntu Security Notice 6904-1 - It was discovered that PyMongo incorrectly handled certain BSON. An attacker could possibly use this issue to read sensitive information or cause a crash.
fcdec1b07b070a6622feb7e4235b0acc1f1a048b493cbdd384578b9850c079a6tc is a low-tech free software to chat anonymously and ciphered over Tor circuits in PGP. Use it to protected your communication end-to-end with RSA/DSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 3278 lines of C code that compile and run on BSD and Linux systems with an IRC like GUI. As this is a rolling release and does not have an official build yet, the prior version on Packet Storm was replaced with this updated code base.
6c67a5801efc2a283234e2f35e78d64c742c4135b8931a73f5ed69073993ef33Red Hat Security Advisory 2024-4717-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
2a02b4915e8c2ff33295c851f4ef088aa4f068b2b322aa2a9c78f8ec187cc6e7Red Hat Security Advisory 2024-4713-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and use-after-free vulnerabilities.
3a72ee436dc05f0c47719e8dbc954c6eb8dec748f207f0ae84336bb6fd1420e9Red Hat Security Advisory 2024-4697-03 - An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
79070c148d2d5eb975b74c2c5ab3519c00b0290a075521ddedb9a1ce6d400eb7Ubuntu Security Notice 6898-4 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
8b053de7161b766a9cba5511fe20d03faf97b54bcfcc24fb43aa58677af61c15Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
7f62f78668bc36911b1f96b40c020e8124cd85ad4a7b7ca69e27900327bdb441Ubuntu Security Notice 6896-5 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
df9560dc3783d3d4a0c9d99e6352e1f6ea6dd5c66518086f9ad8789fbd721813LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.
ac6f91ffe20c571e57ac0c8a6aef0c5437b2d37e5f53c46ef41059f24100b7dbQuick Job version 2.4 suffers from an insecure direct object reference vulnerability.
ed619defcb18f94880d7fdc150758b05fc052d89b88cf6c32eda99ac714a326bPPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.
567512dc29f3191d46966af5a6dd1339474aa567f65e1c6564dccda43acadad3PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.
f7f012f0611c7ac312b6b0ad3df48db019ad64a1683b0a0e3c97146f444edd95NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.
04959e224e4d66c86926b38e058df306a652f0dbf3a13e5a864ba731b33ed47cMinfotech CMS version 2.0 suffers from a remote SQL injection vulnerability.
c70371f0daa1616ffe4fc66938a433e31d91535c9593510fb4fccef1fdbc587eeDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.
55a4eca00e7267d8d4d5cdd94c2b99447eef8059c06cab914a3401ebda7966f2This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using the "restore configuration" feature to upload a zip file containing a path traversal file which is a dll called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll. This causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.
138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offsets adjustment will probably be needed to make it work with other versions.
3e3f414d0ec3165e352b2624a3e784100a79ab838c827536fa557daa6cf4b2b8I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
249b35c1e061e194ee18048b0644cc5e2c5cf785ffce655e3124eb959dc189ffLogwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
5eb42d983a9667003368b572149fce788c0d7e13daaf1f28ad1bf3a140b865cfCollateral Damage is a kernel exploit for Xbox SystemOS using CVE-2024-30088. It targets Xbox One and Xbox Series consoles running kernel versions 25398.4478, 25398.4908, and 25398.4909. The initial entrypoint is via the Game Script UWP application.
37f647ed1a6f781f4be32182919dbb9877f42dbd8d26a16f662f280d73a0ade5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed