what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 544 RSS Feed

Files Date: 2023-10-01 to 2023-10-31

Gentoo Linux Security Advisory 202310-20
Posted Oct 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-20 - A vulnerability has been discovered in rxvt-unicode where data written to the terminal can lead to code execution. Versions greater than or equal to 9.30 are affected.

tags | advisory, code execution
systems | linux, gentoo
advisories | CVE-2022-4170
SHA-256 | 51693714edc63725a63b018c30f566d28311880f518aca2b99ea93357c62de90
Gentoo Linux Security Advisory 202310-19
Posted Oct 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-19 - A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used. Versions greater than or equal to 2.3.19.1-r1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2022-30550
SHA-256 | 7d5b178b888666bb41a4b00c126e67dcfd03c3815a0b2193c4d0a4211d3ac5f5
Debian Security Advisory 5538-1
Posted Oct 30, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5538-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732
SHA-256 | 13d430a698ce0376929e6fb9fcb25cf1473b6d7614ae60cd378159bce26b0833
Debian Security Advisory 5537-1
Posted Oct 30, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5537-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions or denial of service.

tags | advisory, java, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2023-22067, CVE-2023-22081
SHA-256 | 0eeed70553bfb9531621dba4f488f4691219e3d5cde4d3a4e900f1210dea1363
Gentoo Linux Security Advisory 202310-18
Posted Oct 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-18 - Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging components. Versions greater than or equal to 2.2.3.1 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2022-30122, CVE-2022-30123
SHA-256 | 86b585c9573a1b65c779b8c93d6cc850deda0a4aed5c6b406f38241f7297bc18
Gentoo Linux Security Advisory 202310-17
Posted Oct 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-17 - Multiple vulnerabilities have been discovered in UnZip, the worst of which could lead to code execution. Versions greater than or equal to 6.0_p27 are affected.

tags | advisory, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-0529, CVE-2022-0530
SHA-256 | f4552caef56f30d794b0ba0e1e91cd76ee5847effb4792b98e9b326cf7509a23
VinChin VMWare Backup 7.0 Hardcoded Credential / Remote Code Execution
Posted Oct 30, 2023
Authored by Gregory Boddin

VinChin Backup and Recovery in VinChin VMWare Backup versions 5.0 through 7.0 suffers from hardcoded credential and remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2023-45498, CVE-2023-45499
SHA-256 | 1bf4b6f3ddc51b5e4e5494dbac71f64c14b1398adab76827b7be2ebd47dea460
Ubuntu Security Notice USN-6455-1
Posted Oct 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6455-1 - It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-42117, CVE-2023-42119
SHA-256 | 323c6ff2a013a77f6d6aa929e97a11a9e629fa736c7266c0bfa1231fe81b46e8
Ubuntu Security Notice USN-6456-1
Posted Oct 30, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6456-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Kelsey Gilbert discovered that Firefox did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-5721, CVE-2023-5723, CVE-2023-5724, CVE-2023-5725, CVE-2023-5728, CVE-2023-5731
SHA-256 | 3a71181f5bb0c5d956c376670a0764c65e741e9fd84d5b5ed5446b241074df73
Red Hat Security Advisory 2023-6161-01
Posted Oct 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6161-01 - The Migration Toolkit for Containers 1.7.14 is now available. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-29406
SHA-256 | 03585b8e48b66d9c2192b3617a3ea539aa0efac6f83d44cbe1bc778c5783cff6
Red Hat Security Advisory 2023-6158-01
Posted Oct 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6158-01 - An update is now available for Red Hat Ansible Automation Platform 2.4.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-43665
SHA-256 | 313cafee5dadc0027b7426f1df2e09b10f9af6f481e712803e660fe2aed93506
Red Hat Security Advisory 2023-6156-01
Posted Oct 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6156-01 - The components for Red Hat OpenShift support for Windows Containers 8.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat, windows
advisories | CVE-2023-2431
SHA-256 | 3aee63407f3d6a9303bbc743ba737bb9fb4bbe332c2de4f66b5886fc0befc56e
Red Hat Security Advisory 2023-6144-01
Posted Oct 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6144-01 - An update for custom-metrics-autoscaler-adapter-container, custom-metrics-autoscaler-admission-webhooks-container, custom-metrics-autoscaler-container, custom-metrics-autoscaler-operator-bundle-container, and custom-metrics-autoscaler-operator-container is now available for the Custom Metric Autoscaler operator for Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 4767fea192115bcbc513e331ca051afd8b160f08e9a892260cbd2e0e6cdd1a82
Red Hat Security Advisory 2023-6022-01
Posted Oct 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6022-01 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 326e999748476107cee62ab27666a4651310ccc95d9f9d02f36a531fbe88d7e2
Zeek 6.0.2
Posted Oct 30, 2023
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes 5 security bugs and 6 non-security bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | 2421989adcee6a29f48a8f7272f719edbe954d66c2e86e3a52e79cae177f887c
Red Hat Security Advisory 2023-6021-01
Posted Oct 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6021-01 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 8c32e2c73defb1a48e044778ec2a771ff0f6a98007b5d80086095ead8435a0a6
Red Hat Security Advisory 2023-5992-01
Posted Oct 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5992-01 - An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40217
SHA-256 | 2ef0cbb1252124e3733f8a2e023e601bbc791b349535aa95f9db83f62aab0867
Splunk edit_user Capability Privilege Escalation
Posted Oct 27, 2023
Authored by Heyder Andrade, RedWay Security, Santiago Lopez | Site metasploit.com

Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which prevents this scenario from happening. This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving remote code execution.

tags | exploit, remote, web, code execution
advisories | CVE-2023-32707
SHA-256 | 7181dfaec2f1f7eb973d6e9ba2bc3a477b83011115b041d9cb0b9ad5e441fc41
Falco 0.36.2
Posted Oct 27, 2023
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: No changes were made to Falco itself, just libs.
tags | tool, intrusion detection
systems | unix
SHA-256 | b09786888fd6fa1e9f9958104a7a1b91282e95ace4f5b33d333704db76b2cf3c
phpFox 4.8.13 PHP Object Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.

tags | exploit, remote, arbitrary, php
advisories | CVE-2023-46817
SHA-256 | ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03
SugarCRM 13.0.1 Shell Upload
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.

tags | exploit, remote, shell
SHA-256 | f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487
SugarCRM 13.0.1 Server-Side Template Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.

tags | exploit, arbitrary, php
SHA-256 | 482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5
XAMPP 3.3.0 Buffer Overflow
Posted Oct 27, 2023
Authored by Talson

XAMPP version 3.3.0 .ini unicode + SEH buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2023-46517
SHA-256 | 1ca692b072e3e08fac192c7f2fc261d0ac4feb8be639620958ba27b295c9541f
Debian Security Advisory 5536-1
Posted Oct 27, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5536-1 - An important security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2023-5472
SHA-256 | 8dc27122c27d00fc7f75791b3d0ac5dda33c19caad3ed212f62aa04a79188200
Red Hat Security Advisory 2023-6148-01
Posted Oct 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6148-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.9 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-39318
SHA-256 | 7328757d0b982e2a9eacd4be6d01b3decdf0c7d25fbb2e5abe1c69826cfc1546
Page 1 of 22
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close