This archive contains all of the 173 exploits added to Packet Storm in May, 2023.
3f39d22e54526c7d409e403a1a6382ca215777d5cae90bbe636eca920ce8f752Ubuntu Security Notice 6134-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
f29d43641cf6602854ca5f12c8ec924f3cc0c924589ae311e0273f588159f703Ubuntu Security Notice 6133-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information.
8dbd60b85d91d8541dce5a452bbd26cd2c78f4622dc2154acc6b4aac98331f41Ubuntu Security Notice 6130-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
eb8fea09209e1b2a9abd8095f300d58cce398ab3b53779fad1bc9628adcea281Ubuntu Security Notice 6132-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
3a2b50e313c2b4827e0511e7d699e0f91e738af1c052d4ce14e197ce64a96362Ubuntu Security Notice 6131-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
dc564d8e0327ead2dc5b56ea1fdacab2e8e966c41d956a83876c3ad9c642ef13Ubuntu Security Notice 6129-1 - It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.
f65369fa40ed2e7b77a7fc379d24f62c423708f82d427ec75676f1d90369baf7Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
e2a5cdf7a3ce61d88cc9b378dd84618e9618ea6645c6863b04d35ed89762182cTotal CMS version 1.7.4 suffers from a remote shell upload vulnerability.
311a9fa22f204b4564b82c2a94c4476851b555dc106ca4601cf30653dcdf3e5aKesionCMS ASP version 9.5 suffers from an add administrator vulnerability.
8f7da64c05cea45e214c0b133100220a4e4204662264b751cdf75e0cfc9d4cf3Ubuntu Security Notice 6128-2 - USN-6128-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
fceb8af9b14db12b79923f7e06c1daf58e6a5764133e7f09083a028c0f8d9b1eInlislite version 3.1 appears to leave default credentials installed after installation.
b9a6310f5485e8143c98e287ccc11ae6c0522999d2a43b0f2c5124b69bb29bedBiig Order version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
135c4823d5cfa6367b9062549ef2f52f49f5c9ff501993937fb584f0c14f9fd6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed