This archive contains all of the 522 exploits added to Packet Storm in September, 2024. Please note the increase in size for this month is due to a massive backlog of older exploits being added to the archive and is not representative of an uptick in new issues being discovered.
8e55d45d17c797a008c2549c382151243f42b03a5be9b34ae0965c6b1d014788The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed, can exploit the cached MSI installer's custom actions to effectively escalate privileges and get a command prompt running in context of NT AUTHORITY\SYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 and affected.
a84e46e6f47edcfa84a24b20d405dc9009aef6635aeed2d4103f5c1e3b453e54An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.
2328f6faa4b6ae3ca330a27bb8694e1604bd747c455740abb7e147c4bd02a379Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
77cfde0e3fe797209e92e741f526d6000c97302a686dd0b4cfa3801b2df4b199Ubuntu Security Notice 7048-1 - Suyue Guo discovered that Vim incorrectly handled memory when flushing the typeahead buffer, leading to heap-buffer-overflow. An attacker could possibly use this issue to cause a denial of service.
bcaa966b946ebbac60b29bd722b6caa356f8d815ffea551ffb97ecb1e1d02926Ubuntu Security Notice 7015-3 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for python3.5 in Ubuntu 16.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.
0390e83a0739fcfacc6a5629ced929a50e15b96cabb5e32ff94afb187b1335a3Ubuntu Security Notice 7046-1 - It was discovered that Flatpak incorrectly handled certain persisted directories. An attacker could possibly use this issue to read and write files in locations it would not normally have access to. A patch was also needed to Bubblewrap in order to avoid race conditions caused by this fix.
01a084264fd2fb9f4288cdb3292854813991efd6cef3d7e5731bff2eba86f5b4Red Hat Security Advisory 2024-7443-03 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes. The updated image includes security and bug fixes.
229619073f9f2227cd9d36135978e6288b6ae8cbdb1db4d4e61f022d65a7de87Red Hat Security Advisory 2024-7442-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Issues addressed include an information leakage vulnerability.
3e77eb8b2d7adbdc24265a7bbc600b297889816e9eb58afdcf8d687194ce6c09Red Hat Security Advisory 2024-7441-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include an information leakage vulnerability.
921c1bfe0e56ac72439bbc0517cbf7d6a3bef2b07d23105007abd4fa6b151f8fRed Hat Security Advisory 2024-7436-03 - The components for Red Hat OpenShift for Windows Containers 10.17.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
f9f6a21021825712bf4746f21d3128dde3ff2cc370b717d9e3f6b54dc5961898Red Hat Security Advisory 2024-7434-03 - An update for 389-ds-base is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
d6f0ea6c6a6c62c2b517fe837aa9d1edd1f7722313c915cd174236efeefd31fcRed Hat Security Advisory 2024-7433-03 - An update for kpatch-patch-4_18_0-372_118_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.
d4bc429c18e4d13241eb1fc3a122bddaca4637cd7cd3e8688dcb266530f778c0Student Study Center Management System version 1.0 suffers from an ignored default credential vulnerability.
784cc27f73e683e0fe07c9ff81d6781cff9ab45ae899bf8af79fd81378e9b889Red Hat Security Advisory 2024-7432-03 - An update for kpatch-patch-5_14_0-427_13_1 and kpatch-patch-5_14_0-427_31_1 is now available for Red Hat Enterprise Linux 9.
8782d0583a22ab537c2a2d3bf197bd0e8a68bef828af9f9550d782de0d818162Red Hat Security Advisory 2024-7431-03 - An update for kpatch-patch-5_14_0-284_52_1 and kpatch-patch-5_14_0-284_79_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
abdf48b33b4a020f1f1ea53a3a853502f9ffa48300274cb9515bbc02c9d194baRed Hat Security Advisory 2024-7430-03 - An update for kpatch-patch-4_18_0-477_43_1 and kpatch-patch-4_18_0-477_67_1 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
d15a70b5f018f48f50437fcc6d136c529c95f9892486f913d739309f23275ea2Red Hat Security Advisory 2024-7429-03 - An update for kpatch-patch-4_18_0-553 and kpatch-patch-4_18_0-553_16_1 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
1b80c7cbf41af9cbbdc77cbc854f0751e74627115c659e7ef263483c64a0857bRed Hat Security Advisory 2024-7428-03 - An update for kpatch-patch-5_14_0-70_112_1 and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
edb367b104cf59c284886fe98fcd1847ee9e2f4d4cabc6c245ae02bdd7565fccStudent Management System version 1.0 suffers from an ignored default credential vulnerability.
101a31a6e1d44b64433889c04447671ac782b12e96a0e31c2720d9240165a90aRed Hat Security Advisory 2024-7427-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.
a21567818c7ffd2e4e49f7d85f8646d428c1470888748d0bb222ca63720933a7Red Hat Security Advisory 2024-7421-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.
16de725a918adfde0dabbfb6254ab0711f3af24ffe7d5835f1b443c36ad5f838Red Hat Security Advisory 2024-7418-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
040f3fab4e23666424c6b7aa26b2d7206fe23689ce435562baa10457c5153c36Red Hat Security Advisory 2024-7417-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
f33aabbc04aa3c1c91e5a613fb1255279b63b12ddc76f2a93e89d6e475ea9236Student Attendance Management System version 1.0 suffers from a PHP code injection vulnerability.
211655fa45954e4ae6f9a85ce74ab73c1e00115284ac0474fff8f8cb752a988d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed