what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2023-07-26

Debian Security Advisory 5459-1
Posted Jul 26, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5459-1 - Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak register contents across concurrent processes, hyper threads and virtualized guests.

tags | advisory
systems | linux, debian
advisories | CVE-2023-20593
SHA-256 | 468061b2cb0d06b75c3b3fffb7e543f14109afe8666089072a76301ce3ff5d0b
Red Hat Security Advisory 2023-4283-01
Posted Jul 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4283-01 - OpenStack Networking is a virtual network service for OpenStack. Just as OpenStack Compute provides an API to dynamically request and configure virtual servers, OpenStack Networking provides an API to dynamically request and configure virtual networks. These networks connect 'interfaces' from other OpenStack services. The OpenStack Networking API supports extensions to provide advanced network capabilities.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-3637
SHA-256 | b2a71e5b6eed1c0ef3917b658f0a1f1f403712ed3a5ddbc813a21480e9a3c3fc
Red Hat Security Advisory 2023-4282-01
Posted Jul 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4282-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-24329
SHA-256 | cec0eaed40c25240f6fb49c9ac7ef7aca66c59347914db30f27969164bb7fa58
RoomCast TA-2400 Cleartext Private Key / Improper Access Control
Posted Jul 26, 2023
Authored by Calvin Star, Austin Henderson, jTagLabs

The RoomCast TA-2400, versions 1.0-3.1+, has multiple critical security vulnerabilities, including clear-text storage of sensitive information within executables, improper access control, improper privilege management, and the use of hard-coded passwords. Uniting these vulnerabilities paves the way for a complete compromise of the device and, in turn, exposes clients to direct threats from those exploiting the compromised unit.

tags | exploit, vulnerability
advisories | CVE-2023-33742, CVE-2023-33743, CVE-2023-33744, CVE-2023-33745
SHA-256 | 591f5f7541f146f4f1ddc9d5f29ce8ed51770335548e9e37e8c055dd3b040e3c
Ubuntu Security Notice USN-6250-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6250-1 - Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-2640, CVE-2023-3090, CVE-2023-31248, CVE-2023-32629, CVE-2023-3269, CVE-2023-3389, CVE-2023-3390, CVE-2023-35001
SHA-256 | a3c2bee7fb44adf555ec4f0c4513eec063216c00e3541ec88c1729871be7fb50
Red Hat Security Advisory 2023-4276-01
Posted Jul 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4276-01 - An update is now available for Red Hat DevWorkspace Operator. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2023-1667, CVE-2023-2283, CVE-2023-26604, CVE-2023-3089
SHA-256 | 38648fc5bcd6a58af8ec4f25cec2f7d5eab5d991e5752ce15385166aff31dec4
VMWare Aria Operations For Networks Remote Command Execution
Posted Jul 26, 2023
Authored by h00die, Sina Kheirkhah | Site metasploit.com

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of root on the appliance. VMWare 6.x version are vulnerable. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges. Successfully tested against version 6.8.0.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2023-20887
SHA-256 | 9a55a0c02bec8e756eeac40f3ab58ccc0499c9bbbde741db5c148ebfa61b29ee
Debian Security Advisory 5458-1
Posted Jul 26, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5458-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

tags | advisory, java, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049
SHA-256 | 56826eebf6a5edd1903ff8a78cf717b85576a27002c8d40f49867c4087279cf9
Apple Security Advisory 2023-07-24-8
Posted Jul 26, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2023-32381, CVE-2023-32416, CVE-2023-32433, CVE-2023-32441, CVE-2023-32734, CVE-2023-35993, CVE-2023-37450, CVE-2023-38133, CVE-2023-38136, CVE-2023-38565, CVE-2023-38572, CVE-2023-38580, CVE-2023-38593, CVE-2023-38594
SHA-256 | 03d0aae896b234bedefafcc6cdf2d4b950fad52f9d153fb12c3ce0ca2f618bd5
Ubuntu Security Notice USN-6249-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6249-1 - Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-3269, CVE-2023-3389
SHA-256 | fa00f685b65a90c9484ef2ebfc948200123e1ec2275cb03b1d48584874eb8d27
Kernel Live Patch Security Notice LSN-0096-1
Posted Jul 26, 2023
Authored by Benjamin M. Romer

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel
systems | linux
advisories | CVE-2023-1380, CVE-2023-30456, CVE-2023-31248, CVE-2023-31436, CVE-2023-35001
SHA-256 | f71c9e71db4bb6c2c048a5f92cbb08cec9d660d843f677df4000f97384e9be37
ETSI WEBstore 2023 Cross Site Scripting
Posted Jul 26, 2023
Authored by Vulnerability Laboratory, Lars Guenther | Site vulnerability-lab.com

ETSI WEBstore 2023 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e7ad6b342fcf8f62482b6ecf480f23e449749c10257130b5a70a0d0805a2f43d
Ubuntu Security Notice USN-6245-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6245-1 - Adam Bell discovered that Trove incorrectly handled arguments to the backup command. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
SHA-256 | 5ba9355ecb39fd072d6192044c3a9835853627dbb1396c506946df2bebfc54cc
Apple Security Advisory 2023-07-24-7
Posted Jul 26, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2023-32381, CVE-2023-32433, CVE-2023-32441, CVE-2023-32734, CVE-2023-35993, CVE-2023-37450, CVE-2023-38133, CVE-2023-38572, CVE-2023-38594, CVE-2023-38595, CVE-2023-38600, CVE-2023-38606, CVE-2023-38611
SHA-256 | d29c659b0a0ca1c8d52c08bd15c84087590dc344b780dd274ca0bfea5c832f9f
Ubuntu Security Notice USN-6248-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6248-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in Adreno GPU DRM driver in the Linux kernel, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2022-47929, CVE-2023-21106, CVE-2023-2640, CVE-2023-31248, CVE-2023-32629, CVE-2023-3389, CVE-2023-35001
SHA-256 | b8f3da6963dc1b1e3cc8907b151d7eea0916cee6b2d4a566e0162f800b0fab21
Apple Security Advisory 2023-07-24-6
Posted Jul 26, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-07-24-6 - macOS Big Sur 11.7.9 addresses code execution, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-2953, CVE-2023-32381, CVE-2023-32418, CVE-2023-32433, CVE-2023-32441, CVE-2023-32443, CVE-2023-35983, CVE-2023-35993, CVE-2023-36854, CVE-2023-38259
SHA-256 | ee0e370612feffcdd195d2217699ccfdfa302e2ed0cf29ec464c6c6c2bde8f81
Ubuntu Security Notice USN-5807-3
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5807-3 - USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-46285
SHA-256 | 1d7cd9e80fc6254c983be3fed20f539e1edb09fda01cd905ea28e645ab590a35
Ubuntu Security Notice USN-6247-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6247-1 - David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2022-2663, CVE-2022-3635, CVE-2022-47929, CVE-2023-2860, CVE-2023-31248, CVE-2023-35001
SHA-256 | 61a789330b36bb59452695c01cc71820e77a036e8d7f9331f88a8e22ffbd82e6
Apple Security Advisory 2023-07-24-5
Posted Jul 26, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-07-24-5 - macOS Monterey 12.6.8 addresses code execution, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-2953, CVE-2023-32381, CVE-2023-32416, CVE-2023-32418, CVE-2023-32433, CVE-2023-32441, CVE-2023-32442, CVE-2023-32443, CVE-2023-35983, CVE-2023-35993
SHA-256 | 8f28ed064f450316ecc855c2c8e034834dfbba8071bddb178c5eb88e95963236
Journal Management Software 1.2.4 SQL Injection
Posted Jul 26, 2023
Authored by indoushka

Journal Management Software version 1.2.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8883a5e06c6009c8edda3ade1d57d027563e7dc28bcd313531103de5840639e2
Ubuntu Security Notice USN-6244-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6244-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2023-20593
SHA-256 | 2ab65abd4d06d0e7df4e94c6500344bf85853a495babcddcce55dffcda3a3469
Joomla VirtueMart 2.6.12.2 SQL Injection
Posted Jul 26, 2023
Authored by indoushka

Joomla VirtueMart component version 2.6.12.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 39866f41e162d1c3e4864764312ed024c4ca1a92db8ca6e8789625e26ac247ff
Ubuntu Security Notice USN-6129-2
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6129-2 - USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2023-1981
SHA-256 | f0489fcfdb023c7fa35d0ea265e60a14b4b4693cd971da74545ee7c7bd1932aa
Ubuntu Security Notice USN-6246-1
Posted Jul 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-3090, CVE-2023-31248, CVE-2023-3389, CVE-2023-3390, CVE-2023-3439, CVE-2023-35001
SHA-256 | 7f9ddb30c299540f775c7e9d346e63ed48d654b7514ccd96b18201204baecce7
Apple Security Advisory 2023-07-24-4
Posted Jul 26, 2023
Authored by Apple | Site apple.com

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-2953, CVE-2023-32364, CVE-2023-32381, CVE-2023-32416, CVE-2023-32418, CVE-2023-32429, CVE-2023-32433, CVE-2023-32441, CVE-2023-32442, CVE-2023-32443
SHA-256 | c637626493b675cefdcd4fdba35ad174a41ee73e582783331eefed49239a1e71
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close