This archive contains all of the 305 exploits added to Packet Storm in August, 2023.
318476ac1bc9bf54269b5ef720a1af663027fc51aec84f6ac50fdfaefabf181a
Tinycontrol LAN Controller version 3 suffers from an insecure access control allowing an unauthenticated attacker to change accounts passwords and bypass authentication gaining panel control access.
b73a4ce4098f2e112550c164020040cd4883a903e72ab85a3eac9af475efe958
Tinycontrol LAN Controller version 3 suffers from an issue where an unauthenticated attacker can retrieve the controller's configuration backup file and extract sensitive information that can allow him/her/them to bypass security controls and penetrate the system in its entirety.
4010a70611adf3f6b1b2deae4aa257eb13cae334608ce487ca572842a346f924
Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.
9b6ba51344fefe8dd52543c161ab1ed42968403a056b495c0371ffad0323a48c
Debian Linux Security Advisory 5487-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code.
eda160110884932e18fd97ab024a3c3fd6115815faf377f97fe3a003936a0318
Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
7895b909f0b7291037f3541c0436bb88a700a07bb8073b7931b1633f08940c35
VMWare Aria Operations for Networks (vRealize Network Insight) static SSH key remote code execution proof of concept exploit.
ae67475970c05c39bc93428dddf3a98ddfed987c1bd13fb23f729e242a686959
Ubuntu Security Notice 6331-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
e7e858530b92101dc98943524cd5b05bb28b944a4fee7fea85ad9f330c37d63b
Microsoft Windows Kernel renaming layered keys does not reference count security descriptors, leading to a use-after-free condition.
07ccb330f6ce87a10f6763766477dee076f0af9a3d5ca41262bb308dae53fe47
Ubuntu Security Notice 6330-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
deecf2a1038859bc54e7bc4552ec064b918fba9c85121f69ac6b49fd50ccbe1a
Proof of concept exploit for Oracle RMAN on Oracle database versions 19c, 18c, 12.2.0.1, and 12.1.0.2 where an RMAN controlfile operation is not adequately logged.
a4b527febec8b5e2538fa176029d4e006f6958e1699c0f13efc73dce25b4e691
PlayTube version 3.0.1 suffers from an information leakage vulnerability.
6634c359fbe26d15c6168d3a3cc4055c0d3b3c5bc2b752d4130d644d141485be
Clcknshop version 1.0.0 suffers from a remote SQL injection vulnerability.
5d0bc8cf65ee16ee6800fa873f2a015852b5863a2f7e875de8dae0a747d4712a
Clcknshop version 1.0.0 suffers from a cross site scripting vulnerability.
731dc5c1d3bb31d868003fea4ea01fe16db4a44cc1e7d133a7e37b79559d3152
Ubuntu Security Notice 6329-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
3ab2535d6b2e3760934b04db84af47208028e08f7cdfe874f45bdbc71644631b
Ubuntu Security Notice 6328-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
c4feb5d7fc10a439682355b4dd5a2b38977e66c51fb19680ebef69b62ce10d71
Ubuntu Security Notice 6327-1 - Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service.
72aa78e35cd621fa782450da790d2fa333e270e5f36b03b02cd2a82160f024d3
Ubuntu Security Notice 6326-1 - It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host.
530e6ebb850926ef6626a1c0006c82c38d0e8206dae8a2be5b10a29e1c9aeac6
Red Hat Security Advisory 2023-4921-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a denial of service vulnerability.
04ed950baf20eb72090ecb125e066c48fa5b02c2883d91243f0a5723e64dcc9d
Red Hat Security Advisory 2023-4919-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.5 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
712845c226d45217eb6527dc42ccc56a9544ad4f3676b124cc5c9be248235525
Red Hat Security Advisory 2023-4918-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.5 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
7d240ee320c576adc64aaecb485090d37e2f764a22870dd9370a6386089ed8d2