Ubuntu Security Notice 6912-1 - James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.
e0dbb950650ffee9227bc95e04f82d63498894eebd4019dc3c14308edd63d54fGentoo Linux Security Advisory 202407-27 - Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 12.42 are affected.
70b2c3a2a8c960c71bcd4a2608a6410fd215532ae908cfca040c366b7b0a7175Ubuntu Security Notice 6911-1 - Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
8f717bc82952c168a0370701143e28cfffe9992338fcaf85126f67a805e5c78eUbuntu Security Notice 6908-1 - It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code.
7726e75bbe7b39bbdc84999efb427741b22bbfa118702c92655b75b6eafddeefUbuntu Security Notice 6896-5 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
df9560dc3783d3d4a0c9d99e6352e1f6ea6dd5c66518086f9ad8789fbd721813This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using the "restore configuration" feature to upload a zip file containing a path traversal file which is a dll called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll. This causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.
138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offsets adjustment will probably be needed to make it work with other versions.
3e3f414d0ec3165e352b2624a3e784100a79ab838c827536fa557daa6cf4b2b8Ubuntu Security Notice 6903-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Ronald Crane discovered that Thunderbird did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service.
ef4b61c19ba1cf89ba89cd01bfc4d81fcf08875ddab9da8ccaa5a0275782a54cAdobe Commerce and Magento Open Source are affected by an XML injection vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. Versions Affected include Adobe Commerce and Magento Open Source 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier. This exploit uses the arbitrary file reading aspect of the issue to impersonate a user.
6dc2631d3032a832f090c548531e8b8f77ef41c5778c811973c0342b99b373e0Debian Linux Security Advisory 5733-1 - Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code.
db8a7a3e6a1ff7d153fd74c94d94c02f5f563869049e63d3ceffadae2054c44cUbuntu Security Notice 6896-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
8dd27500ca03c621e3b332d4f4a48899a12b1e1709641167738660d0e4522fabUbuntu Security Notice 6895-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
c2cdeb8147a5ff711973b3c8fee175db573062bd9897685481c20a336ce711ebDebian Linux Security Advisory 5732-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
ba84e05a4e793af50e4bc61477d6411ed2ca8af40ee288a51b55587888d2ff97It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). Various other issues were also addressed.
e841c7c43cd27027fc1462482840cc26556602ee6c248d45547e0f6361010c71Ubuntu Security Notice 6896-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
a1423a94bbd0e244b50a9dcc42a0d161e6c9763ef9a664b4bc82761901f3c48bUbuntu Security Notice 6900-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
e97da32f17a29fe4696411be940643a9db1b1d29119fc6286db6efced74e2225Ubuntu Security Notice 6899-1 - It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges.
3b03edf0100cf13653aca5320ea932c005b64b5643d0f2ccd3c6fdfaf9f0b194Ubuntu Security Notice 6896-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
dd9e0f93243e62103de4d357f064855355dac13a553ba3fe9e049172d42486a0Ubuntu Security Notice 6895-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
cb98f5e56d9db06a20eb3399970fe6e4dd6d1c03b16d42a3b8b246d6254a725fGeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets. In the GeoServer versions before 2.23.6, greater than or equal to 2.24.0, before 2.24.4 and greater than equal to 2.25.0, and before 2.25.1, multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. An attacker can abuse this by sending a POST request with a malicious xpath expression to execute arbitrary commands as root on the system.
60f349aa901f9dae2286ae790ca0dc4f7e03fb5120fbbaa6cd6f79d5a14fe921Ubuntu Security Notice 6896-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
23031a0845782c0666fea9cf551de81c3f62aa5f01672ed9481d97357d4ec438Ubuntu Security Notice 6895-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service.
13204fe1d646093191f86b432d013bd53e9fab0b9ef81134435e8e12af260d6aUbuntu Security Notice 6894-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.
49657c9f208951940a5882e6ed621f3a8835ab9be322277e1a813b58651c0404This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.
b198d9755cf50ac9c6b86be9526d83c12bdaeab6e989721de64dd0ef6781f8d3Debian Linux Security Advisory 5727-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.
2523385fae70cf9d7e1b9deceb6dd134ddad7cc34eb85646a5da5277f602c176
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed