This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.
40335e81c5e1920c59b3fa7d7b9555cf342eefb7151f937070f230f69f2b8ee3
This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
1f2fa01d64e190544e661f442158ebf1f08cb719c08299334a3fc484cc386cd2
AirSpot 5410 versions 0.3.4.1-4 and below suffer from an unauthenticated remote command injection vulnerability.
0453a46f41ec4c59c37a44bb644827c11fe0d7e8677419a16aefa00836c95383
Sophos XG115w Firewall version 17.0.10 MR-10 suffers from an authentication bypass vulnerability.
caaaf298385288773c3e71845cbf340e5bbbc9ab2655ac84f91e638760b5551a
Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
c885f38b774059929fa7229f706f1468b065d9a0e066149d46b5f404b4fda36c
Ubuntu Security Notice 5559-1 - It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a loss of integrity by changing the correct path to one of their choice. It was discovered that Moment.js incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service.
fe596b86b638bc47b0fe957f167ddfe79c05169fb8234a0b5b8b4d39d00df4e2
Ubuntu Security Notice 5561-1 - It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 20.04 LTS. It was discovered that GNOME Web incorrectly handled certain long page titles. A remote attacker could use this issue to cause GNOME Web to crash, resulting in a denial of service, or possibly execute arbitrary code.
9973ace527cbf32f5526f709c8f797db2c055203bb74e2e7b0d7f3b387c1dd77
Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
c2604c1404ab92e0e038e4eeaeed4c184a896885e1b0fbbc3ef5ae6df328db80
Ubuntu Security Notice 5560-2 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
9074f1f7178d2158077da7331b9b96dca3ab1875c317daaedb241651b9c2b8e3
Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
a156f85855d3dfab07d60c5d05ef3c9ea3d5a70c935227a3feb4443ce0a5e57a
Red Hat Security Advisory 2022-6038-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
13d3ef77bac94846f6eddc57a82517b000d17a3b9df85470a20d94c6ac7a2ce7
Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
30e00d08c07434f6fc92069d48ab3c33166cfe75f5097f3b4aae5ca92fe1476e
Red Hat Security Advisory 2022-6037-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
eb359556b2f782d9ef41c42f17b0ac04f90433a610b45f780b90911bb1e31f1d
Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
e7b215852adbc1951046d56f7036f6b75803672b4422c7ce6cb43592abad6003
Ubuntu Security Notice 5558-1 - Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
1d6a495bf2cef207e4a430fe621479724aa8eac3fc97c8aee7146d1c085ad4b5
Gentoo Linux Security Advisory 202208-11 - A vulnerability has been discovered in pam-u2f which could allow a local attacker to bypass PIN entry. Versions less than 1.1.1 are affected.
b822ab1fb862c7ae71bd1170a063818eb2b4229a42de540cf20332ae8ba1d2e6
Gentoo Linux Security Advisory 202208-6 - Multiple vulnerabilities have been discovered in lxml, the worst of which could result in denial of service. Versions less than 4.9.1 are affected.
6d9496250c6b1be096da8fdfc2ddf483123bdd7eda3323ea9efa66b39b901e0a
Gentoo Linux Security Advisory 202208-12 - Multiple vulnerabilities have been discovered in mdbtools. Versions less than 0.9.3 are affected.
e08a3105438b7ee38c717a5f7298359df5f8a1293413dcdafdd36e5d46cf6a45
Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.
f184d188e33d6d6de8f9f81306f8ff465c4a27f70f5f59cd68ea9a662b3e9fbb
Gentoo Linux Security Advisory 202208-10 - Multiple vulnerabilities have been found in Spice Server, the worst of which may result in the remote execution of arbitrary code. Versions less than 0.15.0 are affected.
8fe4c7d61314a86aefd52fe0d33ab444d5c54474fddc49b1423bcd52ebb852ad
Gentoo Linux Security Advisory 202208-7 - A buffer overread in LibRaw might allow an attacker to cause denial of service. Versions less than 0.20.2 are affected.
9414a94e678145470481e7cc868d7e162d239d1b42e3791f8cf15db44e64c3b2
Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.
fc4c6986e8aede7a5e8bb420e78fe9cd1f9dfa569ec3d07e1e623b50bbd053b8
Gentoo Linux Security Advisory 202208-13 - A vulnerability in libass could result in denial of service. Versions less than 0.15.1 are affected.
1388af97b30cdbb2b63a31b0850f5ea0e3695f0a9efdf5d86a0736c6e799ea54
Gentoo Linux Security Advisory 202208-9 - Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions less than 1.9.17 are affected.
bd7d7988fa234190975e9fd8fcaaf69efde7aa9b404976582474894dfe9fee0e
Red Hat Security Advisory 2022-5997-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Perf Tools is a collection of performance analysis tools, including a high-performance multi-threaded malloc() implementation that works particularly well with threads and STL, a thread-friendly heap-checker, a heap profiler, and a cpu-profiler.
c49df8477f0fd11893bf5b70ef0b2fe8b05249efa55854768c41ecb341eb3571