This archive contains all of the 116 exploits added to Packet Storm in August, 2021.
1854109f17e8bc271ea7f561e45923488b7238dbbb19a6b8fc0b4d532e611ce2Ubuntu Security Notice 5060-2 - USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code.
4457527b23f96c206b3df1b061d456a6dcdcdb750fc2d5bdda7051d1a082da07Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10.37 are vulnerable to a bug in the eBPF verifier's verification of ALU32 operations in the scalar32_min_max_and function when performing AND operations, whereby under certain conditions the bounds of a 32 bit register would not be properly updated. This can be abused by attackers to conduct an out of bounds read and write in the Linux kernel and therefore achieve arbitrary code execution as the root user. The target system must be compiled with eBPF support and not have kernel.unprivileged_bpf_disabled set, which prevents unprivileged users from loading eBPF programs into the kernel. Note that if kernel.unprivileged_bpf_disabled is enabled this module can still be utilized to bypass protections such as SELinux, however the user must already be logged as a privileged user such as root.
72309dfd15f65e29e815be3b1add6fc3b2c2baad6cb3b01ac2bbfff15a8b2c9dMany Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.
91e5218cfa2c2452c1da0918b3b85328aad5bcf76352c949affc7a9a10a95a39Confluence Server version 7.12.4 unauthenticated OGNL injection remote code execution exploit.
edfa2004247afa5b006485a948fb93b61c91fbe8e09997fd1180dcd5758b7ddcRed Hat Security Advisory 2021-3399-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds write and use-after-free vulnerabilities.
4494ee8b7be74847e36f59f258843bd1c2d73737a8e168d20950d6eff4f12b59OpenEMR version 6.0.0 suffers from an insecure direct object reference vulnerability.
7d6123e4f92dbeac0fc04f7f189c4e37165184bded23fe55900d9c1c2944b65aTraffic Offense Management System version 1.0 remote code execution exploit that leverages a remote SQL vulnerability.
6f3c9fc3eb0973a596147f098d1a202dea7c9b21d5ccde275be721a687271c18WordPress GetPaid payments plugin version 2.4.6 suffers from an html injection vulnerability.
debcc7e3479505a6e52f1155295df62498881cef2051bbd1fd39f6f65d790501Ubuntu Security Notice 5060-1 - It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code.
c8aa2727bc592dba695ebc4a4e5b279258f44c498b212a898d9e6296b3de91d7Whitepaper called HiveNightmare AKA SeriousSAM. It details an overview of CVE-2021-36934 and provides exploitation details.
6b2f808ea234ce7630f8d7f1e9174e0e3c62ad056188b18315bbf76d42c8c731COVID-19 Contact Tracing System web app with QR Code Scanning version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
65bfd748e4acc27cb5df73d53350628dfaef17ece6a6fe72d8b2737edaee7016Red Hat Security Advisory 2021-3248-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.9.
78848ced1877739b50d4a82c228c9f22039c3bd17b557625fd4b145386c74fa0Telegram Desktop version 2.9.2 suffers from a denial of service vulnerability.
2986312bfedab59f0891103887db0410ab39cf2e37bc59ec21e7f0e79a90ea98
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed