A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the URL parameter, forcing the client to connect unknowingly in the background to other sites via transparent XMLHTTPRequests. This partial blind CSRF bypasses the built-in whitelisting function in perfSONAR.
44092efeff9a22718267fc8ee3d1add5f9f7c1bd035ed2fb94ece0d6baf60239perfSONAR bundles with it a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users to proxy and relay HTTP/HTTPS traffic through the perfSONAR server. The vulnerability can potentially be leveraged to exfiltrate or enumerate data from internal web servers. This vulnerability was patched in perfSONAR version 4.4.5. Versions 4.x through 4.4.4 are affected. There is a whitelisting function that will mitigate, but is disabled by default.
57258cc3a50359f248bba303d6a0892af6f77e5cbd93340c72b5018222e14550Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS release.
bda39bb856902e6dd6077ea313a3eb8beccd487e0082a95917877f2b299cd86eSuricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
3225edcbd0277545b7128df7b71652e6816f3b4978347d2f4fe297d55ed070e8This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.
52e94b2539eeb923ed6dfcf33bf21788d037db18208e166670e34916d20844ddIntel Data Center Manager versions 4.1.1.45749 and below suffer from an authentication bypass vulnerability via spoofing.
c994d19000e263ed1c33f5352902d080b70eb355d42bec09d1cf2d70a522e3e4OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities.
ba6b2cbc7f4a93851df3e4965e0195411ca754b70e55778fee524c5fadf9d260Hirschmann (Belden) BAT-C2 version 8.8.1.0R8 suffers from a remote authenticated command injection vulnerability.
902fa02d042cb42bf90b944d2600703447b836b6f9b4d286e2b0bca32793a471Ubuntu Security Notice 5718-2 - USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.
4fba7d2d1a4b1cbe7d2158569a85a80fe0aab7b0d5ae40c1ce0fde655445548fUbuntu Security Notice 5750-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service.
8d0498e3d4da525ac2ff53dd05fc680ea245f6b6c501a2220f966f7b34f7cdc8Ubuntu Security Notice 5749-1 - Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash.
4790f5bdf916ab62a3e0d244f0d0f5c665eb2ed06a3b65db68e6c26314ef453fUbuntu Security Notice 5728-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
ebafaab2d5db4b2842460331e69fe77801e170fb619cc3bd4e090cd8f02623deRed Hat Security Advisory 2022-8669-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
651abd4e04c6352dc73f17a724eab23338024825bf52c55e2d72fa513898d97eRed Hat Security Advisory 2022-8679-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.
44319230a7031b0ae2beadd5bdc28f949e6758804cab4b17984ada9f3597470cRed Hat Security Advisory 2022-8673-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
97f3e50f702e5fe7cf05a0f316152fa8ad06cc0c499a2e5468a7b1c73ccba840Red Hat Security Advisory 2022-8680-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.
c220eab95e2af8d1ee487903c3b78ffa3023b0e9770403994f85980302585792Ubuntu Security Notice 5745-2 - USN-5745-1 fixed vulnerabilities in shadow. Unfortunately that update introduced a regression that caused useradd to behave incorrectly in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update reverts the security fix pending further investigation.
f6ac20e439d8d241d992c88ebb7f2f3eb0fba751ce497dfb7bfa0c5cc3142049Ubuntu Security Notice 5748-1 - It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code.
05fabde1cb6cfea55f277c3be3e27829f8f1a26de0cc437db0a779377dc8a475Red Hat Security Advisory 2022-8686-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
b8332406dcf5e7e427a7e164a3f092852ecc429438c292708f9ab5a8d3453c6fRed Hat Security Advisory 2022-8685-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a memory leak vulnerability.
343e5f92325dabc1c46200ae21744f2debc8776499f887f7d57d72fc355492b5Ubuntu Security Notice 5689-2 - USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. It was discovered that Perl incorrectly handled certain signature verification. An remote attacker could possibly use this issue to bypass signature verification.
9c5f64f6ea6b671dac5426645ac570bc296b6ea28163623f578cc062704d0782
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed