what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2022-09-09

Ubuntu Security Notice USN-5605-1
Posted Sep 9, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5605-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33061, CVE-2021-33656
SHA-256 | 90229ee7d360ca1032c3774eb7541dd265334f14d1b68b0af1fdde07e84033cb
Sagemath 9.0 Overflow / Denial Of Service
Posted Sep 9, 2022
Authored by Georgi Guninski

Sagemath version 9.0 suffers from overflow and denial of service vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability
SHA-256 | cd33738d86983c0d334c06354102833ee1f1e36d4ad569b092958d9f143920da
Red Hat Security Advisory 2022-6407-01
Posted Sep 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6407-01 - A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Issues addressed include denial of service, information leakage, integer overflow, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-27223, CVE-2020-36518, CVE-2020-9492, CVE-2021-20289, CVE-2021-22132, CVE-2021-22137, CVE-2021-2471, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-3520, CVE-2021-3629, CVE-2021-37714, CVE-2021-38153
SHA-256 | cc86bb2ed063a9b8609ef6960b486d0a7bff3be7ef9e7f5716ccc3523480f3ed
.NET XML Signature Verification External Entity Injection
Posted Sep 9, 2022
Authored by Google Security Research, Felix Wilhelm

XML signature verification in .NET 6 as implemented in System.Security.Cryptography.Xml.SignedXml is vulnerable to external entity injection attacks.

tags | exploit
advisories | CVE-2022-34716
SHA-256 | fb9e0a77092860baf50e4dd27de48b363926968c3606d0db1631fac8f83f0ff4
Windows Credential Guard TGT Renewal Information Disclosure
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

On Windows, the Kerberos ticket renewal process can be used with CG to get an unencrypted TGT session key for a currently authenticated user leading to information disclosure.

tags | exploit, info disclosure
systems | windows
advisories | CVE-2022-35822
SHA-256 | 1f9bd51e7f807ea1be820b38b4053f9b704e41211fd5779bce57f43bf497716a
Ubuntu Security Notice USN-5604-1
Posted Sep 9, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5604-1 - It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that LibTIFF incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-2867, CVE-2022-2868
SHA-256 | 985101ae6c88f4e12ea624e503543f0ddecca97062b1bda50ff4700636ff6271
Windows Credential Guard Non-Constant Time Comparison Information Disclosure
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

On Windows, the handling of cryptographic data comparison in the CG secure process does not use constant time algorithms resulting in information disclosure.

tags | advisory, info disclosure
systems | windows
advisories | CVE-2022-34704
SHA-256 | 1eae27125e32160c8f3573cd0f12536dc12d59971e45282431a815f2a69f4009
InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
Posted Sep 9, 2022
Authored by Jens Regel | Site crisec.de

InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2022-23854
SHA-256 | c9873dff912c339fc99f6c1c0d26c32ecee59d977893de8864d051af5bba5038
Red Hat Security Advisory 2022-6263-01
Posted Sep 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6263-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-1353, CVE-2022-21540, CVE-2022-21541, CVE-2022-2526, CVE-2022-29154, CVE-2022-34169
SHA-256 | f81d6d7743dfee9d3117b3d90921d3f45e47a85facb6f384cd437bf521688c88
Windows Credential Guard KerbIumGetNtlmSupplementalCredential Information Disclosure
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

On Windows, the KerbIumGetNtlmSupplementalCredential CG API does not check the encryption key type leading to information disclosure of key material.

tags | exploit, info disclosure
systems | windows
advisories | CVE-2022-34712
SHA-256 | bfc4de1d074e4d56008f260f7b9c997af5b2161990204d92efb3480c889c7baa
Windows Credential Guard KerbIumCreateApReqAuthenticator Key Information Disclosure
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

On Windows, CG API KerbIumCreateApReqAuthenticator can be used to decrypt arbitrary encrypted Kerberos keys leading to information disclosure.

tags | exploit, arbitrary, info disclosure
systems | windows
advisories | CVE-2022-34711
SHA-256 | 795dc1d7b2670d24abb7d74a9852a53667f29e9616266571270c30ddde0cf221
Ubuntu Security Notice USN-5603-1
Posted Sep 9, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5603-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33061, CVE-2021-33656
SHA-256 | 1d1f666adf73d2989de4744ce636092a060c9c71252883fc6fdf9fdffbedc3fd
Online Notice Board 2022 SQL Injection
Posted Sep 9, 2022
Authored by nu11secur1ty

Online Notice Board 2022 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 933c3875a54089fc520191cb1f6a96c4760027618d879e98189221f649b8cc2a
Red Hat Security Advisory 2022-6262-01
Posted Sep 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6262-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-39226, CVE-2022-1353, CVE-2022-21540, CVE-2022-21541, CVE-2022-2526, CVE-2022-29154, CVE-2022-30631, CVE-2022-34169
SHA-256 | 72548ddc1adb7743918cfe4de6f5c9572a4cdabfee46870057e2ef7ea8b5251e
mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting
Posted Sep 9, 2022
Authored by Chokri Hammedi

mbDrive Lite WiFi Flash Disk version 1.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 51023eaa6d3fa8c871e79d6e732f795bbd9070c25b2bde0918b7f7b75307aee1
AirDisk 7.5.5 Cross Site Scripting
Posted Sep 9, 2022
Authored by Chokri Hammedi

AirDisk version 7.5.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5c2171b386d4185c2d365152bd1f99a0e03692cfe0babd1487055e726dd594e8
Windows Credential Guard Kerberos Change Password Privilege Escalation
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

Windows Credential guard does not prevent using encrypted Kerberos keys to change a user's password leading to elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2022-35771
SHA-256 | 963aa15cc46082f2880e53f09434bff0855b293f238fa1b7b59fcc34a5c7c568
Windows Credential Guard Insufficient Checks On Kerberos Encryption Type Use
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

Windows CG APIs, which take encrypted keys, do not limit what encryption or checksum types can be used with those keys. This can result in using weak encryption algorithms which could be abused to either generate keystreams or brute force encryption keys.

tags | exploit
systems | windows
advisories | CVE-2022-34710
SHA-256 | a89b74c0dc18c8ac3c1161dc1b3af00aa0758ae52080749f23434cc90472d8b2
Ubuntu Security Notice USN-5602-1
Posted Sep 9, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5602-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33061, CVE-2022-1012, CVE-2022-1729, CVE-2022-1852, CVE-2022-1943, CVE-2022-1973, CVE-2022-2503, CVE-2022-2873, CVE-2022-2959
SHA-256 | ce844e4f8d52119424aa42281985343f750bff17c8cdf3876b66566fda087ec6
@Drive 2.8 Local File Inclusion
Posted Sep 9, 2022
Authored by Chokri Hammedi

@Drive version 2.8 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 1c242342304c59d9a82db2eb45e80f971e783004a6b81e805655fb5adc09c690
Windows Credential Guard BCrypt Context Use-After-Free Privilege Escalation
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

On Windows, the method for allocating a context when using the CG BCrypt APIs is insecure leading to use-after-free of secure memory resulting in elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2022-34705
SHA-256 | c22c4583f57e6b94c3c87d7e06f1807aec4eb6add28377b878080567d6bba7a8
Windows Credential Guard ASN1 Decoder Type Confusion Privilege Escalation
Posted Sep 9, 2022
Authored by James Forshaw, Google Security Research

On Windows, a number of Kerberos CG APIs do not verify the ASN1 PDU type when decoding and encoding Kerberos ASN1 structures leading to type confusion and elevation of privilege.

tags | exploit
systems | windows
advisories | CVE-2022-34709
SHA-256 | af00e87e42028f79ab35606912cd654841bc7965655e5d68e202a8ef913306f4
Windows Kernel Registry Hive Memory Problems
Posted Sep 9, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.

tags | exploit, kernel, registry
systems | windows
advisories | CVE-2022-35768
SHA-256 | 293c30cffcbb94043ce3d944e538e450e3725f0cfaac4a97ac6e1fd8f5cb1152
Windows Kernel Unchecked Blink Cell Index Invalid Read/Write
Posted Sep 9, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from an invalid read/write condition due to an unchecked Blink cell index in the root security descriptor.

tags | exploit, kernel, root
systems | windows
advisories | CVE-2022-34708
SHA-256 | f5ef4884111855adc3fd46bc812f23d93a2b2cd3ea5d058dca7ff112e15a1d10
Windows Kernel Refcount Overflow Use-After-Free
Posted Sep 9, 2022
Authored by Google Security Research, mjurczyk

The Windows kernel suffers from a use-after-free vulnerability due to a refcount overflow in the registry hive security descriptors.

tags | exploit, overflow, kernel, registry
systems | windows
advisories | CVE-2022-34707
SHA-256 | 887d2c7083667658525f99cb11e9070e5fce0488ac2056ebd3b6c51b176ad7c3
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close