what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2024-10-22

Debian Security Advisory 5795-1
Posted Oct 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.

tags | advisory, sql injection, python
systems | linux, debian
advisories | CVE-2024-9774
SHA-256 | e6ae4b806618868271a568847282414626155e507e7451c60c2e232cc3aac875
Debian Security Advisory 5794-1
Posted Oct 22, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5794-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.

tags | advisory, java, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235
SHA-256 | d38e317023dbf069ec3844471d1111a0cc4ddfa3e3de5ea812dcba5c6ee80347
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Command Injection
Posted Oct 22, 2024
Authored by LiquidWorm | Site zeroscience.mk

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script.

tags | exploit, web, arbitrary, shell, php
SHA-256 | 94b9c452c40fa97359bd14766458b08e7dbabab381af5bfc9f983be77b4e1601
DTLS ClientHello Race Conditions In WebRTC Implementations
Posted Oct 22, 2024
Authored by Sandro Gauci, Alfred Farrugia | Site enablesecurity.com

This white paper, titled "DTLS 'ClientHello' Race Conditions in WebRTC Implementations," details a security vulnerability affecting multiple WebRTC implementations. The research uncovers a security flaw where certain implementations fail to properly verify the origin of DTLS "ClientHello" messages in WebRTC sessions, potentially leading to denial of service attacks. The paper includes methodology, affected systems, and recommendations for mitigation.

tags | paper, denial of service
SHA-256 | eb9b90060957ab9a31665bc8c84c603533eeccd79e0c24bfa578d26e43901509
Ubuntu Security Notice USN-7080-1
Posted Oct 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7080-1 - Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2024-8508
SHA-256 | cc7105052cdc61cec40803353bdf5bd7234e9e5535f0ccbd99d8e011b2a6ec92
Ubuntu Security Notice USN-7078-1
Posted Oct 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7078-1 - Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-9936
SHA-256 | 1384fe43e656351dfff115b8a598ae38edc6fd1b15fa5bd10c4ef73f06367497
Ubuntu Security Notice USN-7072-2
Posted Oct 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7072-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2024-27397
SHA-256 | 08de50fda1a204987e7b236b4d60489118dfcdd288c610737173e129183556ed
Ubuntu Security Notice USN-7062-2
Posted Oct 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7062-2 - USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-36474
SHA-256 | 7416855bcecac5b5624e8e37e7f8de249410a20a22cc5adf52eff7f97219bf3d
Linux Dangling PFN Mapping / Use-After-Free
Posted Oct 22, 2024
Authored by Jann Horn, Google Security Research, Seth Jenkins

An error path in usbdev_mmap() (where remap_pfn_range() fails midway through) frees pages before the PFN mapping pointing to those pages is cleaned up, making physical page use-after-free possible. Some other drivers look like they might have similar issues.

tags | exploit
advisories | CVE-2024-47674
SHA-256 | 9954c73a5d4b25cfd2ae71c579096d9048f40475e6683e174f991dae3312c11d
Ubuntu Security Notice USN-7042-3
Posted Oct 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7042-3 - USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

tags | advisory, remote, arbitrary, local, protocol
systems | linux, ubuntu
advisories | CVE-2024-47176
SHA-256 | bcfb45a99344cfbb1e508b8fa8b50297a7f22efed18b112b2d79da6dc19b12cd
Red Hat Security Advisory 2024-8014-03
Posted Oct 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-8014-03 - Network Observability 1.7 for Red Hat OpenShift. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2024-34155
SHA-256 | 98af9b707c7bf6fe22d29e7c3bc78754e1ace6f0ff84bac13f16b35686a6520f
Red Hat Security Advisory 2024-7759-03
Posted Oct 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-7759-03 - Multicluster Engine for Kubernetes 2.6.3 General Availability release images and updated container images.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-42459
SHA-256 | d8426d1b795c5cfa9bf5293a7a777d093c7f3cdb96227e95ffb02e0884662239
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close