exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files Date: 2022-01-20

Red Hat Security Advisory 2022-0205-02
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0205-02 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | cd250dbbc8b631f4ef49a56cd288bb1c2a6242ea87976dd61585e624dd348188
OpenSCAP Libraries 1.3.6
Posted Jan 20, 2022
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: New features include the ability to select and exclude groups of rules on the command line, boot-time remediation service for systemd's Offline Update mode, memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable, allowing disablement of SHA-1 and MD5, allowing providing pre-downloaded components, and introducing the OSBuild Blueprint fix type. About a dozen bug fixes were also applied.
tags | protocol, library
systems | unix
SHA-256 | 40634f2e27a542b112d2e3b374ebbef7e56af18a3d8ae78da2462ab0b1e4e6b7
Grandstream GXV3175 Unauthenticated Command Execution
Posted Jan 20, 2022
Authored by Brendan Coles, alhazred, Brendan Scarvell | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Grandstream GXV3175 IP multimedia phones. The settimezone action does not validate input in the timezone parameter allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authentication to be bypassed by providing an alphanumeric cookie 93 characters in length. This module was tested successfully on Grandstream GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19.

tags | exploit, overflow, arbitrary
advisories | CVE-2019-10655
SHA-256 | d0fc19a40c910116b96508ffd011c4004a203947a4105f88adf98dfcb129e127
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
Posted Jan 20, 2022
Authored by Spencer McIntyre, RageLtMan, jbaines-r7, w3bd3vil | Site metasploit.com

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtual appliance and SYSTEM on Windows. This Metasploit module will start an LDAP server that the target will need to connect to. This exploit uses the logon page vector.

tags | exploit, java, root
systems | linux, windows
advisories | CVE-2021-44228
SHA-256 | a640959afe63b432e9f52c735f5ef2799a3bab57bd19790c2fcebb608d3e3a86
GRAudit Grep Auditing Tool 3.3
Posted Jan 20, 2022
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Fixed false positive rate in compressed js files. More secret rules. Restructured and updated classic asp rules. Updated fruit rules. Updated SQL, spsqli, ruby, android, java, and dotnet rules. Fixed greedyness in perl super global rules. Improved test case. Bug fixes for dotnet and sql rulesets. Added test case for bad quantifiers in rules. Changed test cases for consistency and portability. Rule set for auditing SCA exclusions. Updated ampscript rules. Added .github/ files for sponsorship/issues/pull requests.
tags | tool
systems | unix
SHA-256 | cce3339a277e3dbab7f9c849a9cb657c9d4d0950fd8a9a1420fad6b45a2a1fa8
Botan C++ Crypto Algorithms Library 2.19.0
Posted Jan 20, 2022
Site botan.randombit.net

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Changes: Added a forward error correction code compatible with the zfec library. Improved Emscripten build. Made change to always use -L before build flags. Fixed compilation issue on earlier macOS versions. Added a GCC 4.8 CI target to prevent build regressions. Added support for Loongarch64. Added a check of the OSXSAVE flag before using AVX2 instructions.
tags | library
SHA-256 | 240d9e56e6acb91ef4cf06a8a1c6c0f101c61d40cf48cccf139faef821d7040b
AIDE 0.17.4
Posted Jan 20, 2022
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fix to prealculate buffer size in base64 functions.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2021-45417
SHA-256 | c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846
Kernel Live Patch Security Notice LSN-0084-1
Posted Jan 20, 2022
Authored by Benjamin M. Romer

William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2022-0185
SHA-256 | ebdd28169715872d3dae12d04faac30cc03a75e8432f2814b583409805684cf6
Red Hat Security Advisory 2022-0083-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0083-03 - This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | 24d4e3d0f6f554caca41028699284d0f12ccf8d2788aba8df711c0ae434e4e18
Red Hat Security Advisory 2022-0216-06
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0216-06 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, java, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | 281f02999e731e669e2b47357df331e1d340b028336f73a01d9e81a5d0009985
Ubuntu Security Notice USN-5243-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5243-1 - David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2021-45417
SHA-256 | bfebbb3ece1658aff738be79c7f134e2a0be247fb2c4bd9aaa0e4baeedb807b8
Ubuntu Security Notice USN-5242-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5242-1 - It was discovered that Open vSwitch incorrectly handled certain fragmented packets. A remote attacker could possibly use this issue to cause Open vSwitch to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3905
SHA-256 | 77f8da0e77c6ef919feee5799eb6b9efb97a2189371d1bd1cc64792259209d4d
Ubuntu Security Notice USN-5021-2
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5021-2 - USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-22898, CVE-2021-22925
SHA-256 | cede935a59164fab44bf9dcd2dc33490586a63319e73fe18ccbedba4041ff602
Red Hat Security Advisory 2022-0203-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0203-03 - The releases of Red Hat Fuse 7.8.2, 7.9.1 and 7.10.1 serve as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot and includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105
SHA-256 | f8f49c5ce9654d296d93186fe4a411f91a37373917ccb904ee88d4aee08b2dd8
Red Hat Security Advisory 2022-0202-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0202-04 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-4658, CVE-2018-20845, CVE-2018-20847, CVE-2018-25009, CVE-2018-25010, CVE-2018-25012, CVE-2018-25013, CVE-2018-25014, CVE-2018-5727, CVE-2018-5785, CVE-2019-12973, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-10001, CVE-2020-12762, CVE-2020-13435, CVE-2020-13558, CVE-2020-14145, CVE-2020-14155, CVE-2020-15389, CVE-2020-16135
SHA-256 | 194b1fb3244796d500710e340e920f92f4abc83abbfaacd11163fd0cbe51025b
Red Hat Security Advisory 2022-0191-03
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0191-03 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.2 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-42574, CVE-2021-43527
SHA-256 | ff212f83b966f05194a3c89d8842a710d265243e5de79983a7c1b64df072bee3
Red Hat Security Advisory 2022-0199-02
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0199-02 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-23094
SHA-256 | cba116a8ccd05fea01368a369b31a845a85169c45f170a62a3ca4d23bfd14890
Ubuntu Security Notice USN-5241-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5241-1 - It was discovered that QtSvg incorrectly handled certain malformed SVG images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause QtSvg to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19869
SHA-256 | 32d6d60a122670053f2e460a06106159ff6aabe1544ead509400874e9613b9da
Ubuntu Security Notice USN-5240-1
Posted Jan 20, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5240-1 - William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-0185
SHA-256 | f38197d468b0ac1b459114cface6fdb664c54f6bfdf6561758bfbe79ee4a41e0
Red Hat Security Advisory 2022-0190-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0190-04 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-21290
SHA-256 | a16be12348f952b69b8aea47b4cfeef33e3288ed755b47ac8b32100e8c944fc5
Red Hat Security Advisory 2022-0188-07
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0188-07 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2021-4155, CVE-2022-0185
SHA-256 | 9285d1161496f0d2f04d09373979faf3ed79e7a3f31a711af8ec8c440d65e0ce
Red Hat Security Advisory 2022-0114-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0114-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.41.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-39241, CVE-2021-40346
SHA-256 | ed8e6ee8e1359e5ec6d149d048c3e6cee2c5658382a303084a7c82eada049519
Red Hat Security Advisory 2022-0186-07
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0186-07 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include heap overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4154, CVE-2021-4155, CVE-2022-0185
SHA-256 | 255bbad280ff777117f481929995d0e8be22db96c27a7cbab200dab6e85e611d
Red Hat Security Advisory 2022-0187-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0187-04 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include heap overflow and privilege escalation vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2021-4154, CVE-2021-4155, CVE-2022-0185
SHA-256 | 027360ba53dd866197d83e94c2fa0af7a9631774a89b45f9aad23660f6067bd1
Ransomware MVID-2022-0461 Builder Babuk Insecure Permissions
Posted Jan 20, 2022
Authored by malvuln | Site malvuln.com

Ransomware Builder Babuk malware suffers from an insecure permissions vulnerability.

tags | exploit
SHA-256 | 3c941a72449b7c9a59a6744e375bc03e286f20d54c74ae9d72164f9f4476462d
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close