Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
227edf0e1e6b54dc9893cfd1ecd8621291cc85d1d06808874394aad555f8a8a4A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing a valid username and password. Many products are vulnerable.
b2bca998991626f23b36c98d002d2080249ea5f70d1ddbf836bc60a85c0470dfThis Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected (default all). Currently only works against nix targets.
089952eb6cbf532bc25c3176998f1732aa55627e24f74d1317773bc48528a206Gentoo Linux Security Advisory 202401-29 - A vulnerability has been discovered in sudo which can lead to execution manipulation through rowhammer-style memory manipulation. Versions less than 1.9.15_p2 are affected.
c143e72940de2f1c32f8d40256913db81b8bf24204c3b33d0e07ab146d0af245Gentoo Linux Security Advisory 202401-28 - Multiple vulnerabilities have been discovered in GOCR, the worst of which could lead to arbitrary code execution. Versions below or equal to 0.52-r1 are affected.
6fc7dddef1557df666bc93f37aa520ad50514ef1ce878fb8642ee85c979fe0edDebian Linux Security Advisory 5604-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.
25108b8a08605a9bce524bb051d237998769db2d9c500fc6fcae6a5d10cb1173Ubuntu Security Notice 6596-1 - It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive information.
648f53945f35e3b5a8f8450fb3c2d2f3f18eee03cb15064323f9661e13fbc080Red Hat Security Advisory 2024-0381-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
efdbfa0ef3d75feae3bac1603132f7ffa28bd7da0f04de8568a24ec4c563b305Red Hat Security Advisory 2024-0378-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.
05369fc29d2e250d5abc52bc4a100600fa926587abbf4341a7afc37973bdc699Red Hat Security Advisory 2024-0376-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
99df553bf670245ea57409bb670a32b2a4b4ac9da7932278aecb483005a1f1cdRed Hat Security Advisory 2024-0374-03 - An update for python-pip is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a traversal vulnerability.
aca7268546fe5f209e0fa0512ae242587576a7d22a54acf950b7abcdf24acef6Red Hat Security Advisory 2024-0371-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.
bcff02c4ab2cee65f1d0c78f46d013a7803b2ab50b3df645a9521c51a6c36292Red Hat Security Advisory 2024-0347-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
caac303ef44faa91543aae28d16b4fcc89acdd1d124c830f7a7491d5dec8e02bRed Hat Security Advisory 2024-0346-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.
83f80ef6f2ed477c1ec131a801e8f01c6bd6e072945fc43503e009b6f0aea9eaRed Hat Security Advisory 2024-0345-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 7.
577f221d2e76f426fe238a8135c7fae4c7d1338480e41329e362e8922a5d1576Red Hat Security Advisory 2024-0343-03 - An update for LibRaw is now available for Red Hat Enterprise Linux 7. Issues addressed include a buffer overflow vulnerability.
075d7069c79ec7e12b87469938c378682c5007a7c2ff8646d54827ddac707a4aRed Hat Security Advisory 2024-0340-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
dab68529b81279c9fc67dc5aa812d200f1c9f79fc5cab36fd927305135b37f1fRed Hat Security Advisory 2024-0337-03 - Updated images are now available for Red Hat Advanced Cluster Security 4.2.4. The updated images includes security fixes.
19db80999a77e4ecb8dde82547a8badfdbf0c2a5a8ecd5b431a7cd5d48b66672Red Hat Security Advisory 2024-0293-03 - Red Hat OpenShift Container Platform release 4.14.10 is now available with updates to packages and images that fix several bugs and add enhancements.
b9617c742c1952bb71f5efa61a3ecba1f86618087a9fd9f38b7a9b98f45a79f9Red Hat Security Advisory 2024-0292-03 - Red Hat build of MicroShift release 4.14.10 is now available with updates to packages and images that fix several bugs.
fe3f9cc6b23f67d337419f1bd8e7c5a5e680199779cf1aea42105d23bb5f5172Red Hat Security Advisory 2024-0290-03 - Red Hat OpenShift Container Platform release 4.14.10 is now available with updates to packages and images that fix several bugs and add enhancements.
e51d95e8f7abd8b3cad2fb79d59dd19b709f17a3b1cdd651c8441d81900c5b7bRed Hat Security Advisory 2024-0288-03 - Red Hat OpenShift Container Platform release 4.13.30 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
bce672f8eac787c14f0dca12101a53da182c172b3ee819dcabd2169baf60d4b6Debian Linux Security Advisory 5603-1 - Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.
65170e720390016746938ce39410c03723012788646a60ef3f1d3cd9788338a3Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.
94bd32b96511589b4ae3eae1e1b96022fbaeeb99eb332b00a775c863282498baEmployee Management System version 1.0 suffers from a remote SQL injection vulnerability.
2cdd7465daf80c1c6af2cb65f841da2c989782f7f35a4a454a78069803f07728
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed