exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2023-12-07

Ubuntu Security Notice USN-6540-1
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-45866
SHA-256 | 8a870ceb8e8b80fecb7bdf6531423f8e70b239e9839c50be042ab87d8f8c36d4
ConQuest Dicom Server 1.5.0d Remote Command Execution
Posted Dec 7, 2023
Authored by Cody Sixteen

Conquest Dicom Server version 1.5.0d pre-authentication remote command execution exploit.

tags | exploit, remote
SHA-256 | 2030c371174b7b07796cb759a9caa33926897c924929e76e6832e628b77586f3
Ubuntu Security Notice USN-6539-1
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6539-1 - It was discovered that the python-cryptography Cipher.update_into function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that python-cryptography incorrectly handled loading certain PKCS7 certificates. A remote attacker could possibly use this issue to cause python-cryptography to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

tags | advisory, remote, denial of service, python
systems | linux, ubuntu
advisories | CVE-2023-23931, CVE-2023-49083
SHA-256 | 3a7b36d4d9cee2aab775270dde0bdeef3e2be1bced5dae6841e343a63c5c734e
Ubuntu Security Notice USN-6538-1
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6538-1 - Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-5868, CVE-2023-5869, CVE-2023-5870
SHA-256 | 9afe5a97b3af7f1f34949320cb900c8bf0c7916f33a0ea18ec291e8870e9b195
Ubuntu Security Notice USN-6537-1
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6537-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-31085, CVE-2023-39189, CVE-2023-4244, CVE-2023-42754, CVE-2023-45898, CVE-2023-5090, CVE-2023-5158, CVE-2023-5178, CVE-2023-5345, CVE-2023-5633, CVE-2023-5717
SHA-256 | 8aef40e675ea284f23ed621bd7c35ed99674db45761dbfcf4196b8a01e0ab72e
Ubuntu Security Notice USN-6536-1
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6536-1 - Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-39189, CVE-2023-42754, CVE-2023-45898, CVE-2023-5158, CVE-2023-5178, CVE-2023-5717
SHA-256 | 491b7ae32101abad487102763eda45d30db3ca5f36849f84e358d72012a127f3
Ubuntu Security Notice USN-6463-2
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6463-2 - USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-34058, CVE-2023-34059
SHA-256 | 539ac70bca3ea1e9964c520e718612b18a18216724e5f7d39c2a37c57be262c1
Ubuntu Security Notice USN-6535-1
Posted Dec 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6535-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains. Maksymilian Arciemowicz discovered that curl incorrectly handled long file names when saving HSTS data. This could result in curl losing HSTS data, and subsequent requests to a site would be done without it, contrary to expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-46218, CVE-2023-46219
SHA-256 | ca215c083aa04234eeac9747474bc5e11097cdc295d4a17e21b08c44522bcfd5
Docker cgroups Container Escape
Posted Dec 7, 2023
Authored by h00die, Kevin Wang, T1erno, Yiqi Sun | Site metasploit.com

This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYS_ADMIN Linux capability. If the host kernel is vulnerable, its possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

tags | exploit, kernel, root
systems | linux
advisories | CVE-2022-0492
SHA-256 | f89ca645e9a7ab68a61d054b319e54c6af9a4e97faf0cab7987d8a5f919f6c11
Red Hat Security Advisory 2023-7695-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7695-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2022-2625
SHA-256 | 6b45ff23954dd19b7ae5a1905b00a633834753da483202d4fca7355f0d246dc3
Red Hat Security Advisory 2023-7694-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7694-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2022-2625
SHA-256 | c2ef26323aeba2495a61846d3aa33c27839062155ee71168665183c448245e95
Red Hat Security Advisory 2023-7678-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7678-03 - Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Issues addressed include XML injection, bypass, and open redirection vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2022-46751
SHA-256 | a4ea8e6949195163d828da6657c62da1f74b176c721bff43f260a8715e7f3a9d
Red Hat Security Advisory 2023-7676-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7676-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-4586
SHA-256 | 7309ba6c927129d683e74a7e01c0064fa834be170846be389601a6a7590466ea
Red Hat Security Advisory 2023-7672-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7672-03 - Red Hat OpenShift Virtualization release 4.14.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41724
SHA-256 | ebd8d2ab3071242009d201be26f9c4b7d61e1765802629a9ed9a21d6b73f9676
Red Hat Security Advisory 2023-7670-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7670-03 - Migration Toolkit for Runtimes 1.2.3 release.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-1436
SHA-256 | 43e1e76605d50da59105da08daedfdde3f0df070317d79162b191eabc9641c90
Red Hat Security Advisory 2023-7669-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7669-03 - New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-24815
SHA-256 | 1d646c2afa6010fec859a5a683c526cad6b9234b00f3d456e2b191199e98a600
Red Hat Security Advisory 2023-7668-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7668-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-5824
SHA-256 | b7b23b7ec50e246383d4bc95c909a2048792ef5d5370cb0de637d268575ef3e9
Red Hat Security Advisory 2023-7667-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7667-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2022-2625
SHA-256 | 19a0489de04fb625cb6cf8139ffba94b6c7595a5be8df1952ebd0f1dccd104c8
Red Hat Security Advisory 2023-7666-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7666-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

tags | advisory, remote, overflow, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2022-41862
SHA-256 | 9186add4ca3ce4a0f37ba7a0eee984510fd6a599da84ec595f02efc6a5c5640d
Red Hat Security Advisory 2023-7665-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7665-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-20593
SHA-256 | 5d9ec37046abe45eb9d342344e33e75017c0e296afde9f1cedac91935884f113
Red Hat Security Advisory 2023-7610-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7610-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-44487
SHA-256 | 007ec831c979c205f844faca47662a21ddc626ca6376a929de64aad549e0c929
Red Hat Security Advisory 2023-7608-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7608-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs and add enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | b802c3619f9cb9a96a186f228996435d57b9a2b82c42768dffc1c0cc692e48bb
Red Hat Security Advisory 2023-7607-03
Posted Dec 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7607-03 - Red Hat OpenShift Container Platform release 4.12.45 is now available with updates to packages and images that fix several bugs.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-39325
SHA-256 | 1adefd142772d27a076d23bb5f6d8232d541b4a25b7d26dbd9f73635804f9ff1
Winter CMS 1.2.2 Server-Side Template Injection
Posted Dec 7, 2023
Authored by tmrswrr

Winter CMS version 1.2.2 suffers from a server-side template injection vulnerability.

tags | exploit
SHA-256 | 5a1846a473ecee870f05c1911aa882692cd7fea92f60a296c9aeb82fa9f60d73
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close