Proof of concept exploit that uses a use-after-free vulnerability due to a race condition in MIDI devices in Linux Kernel version 5.6.13.
5772575942e33bf0bb3f88209aeb358c538c5851a59e7ed25e4a63653b6b7cdaThis article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which the researcher independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models.
ef155a55cc982cf4afc865e723a64f73dd992184a6af2b3f6fd8a54318748977Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
95438612672226776aef09c283564541b50a78dfaaf09308b2ac21ffea6adfe5Ubuntu Security Notice 6985-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.
b2ed887bda1225e6a107abc79f6788f4ff09335f9bbfeb2491bad8367d72c41bDebian Linux Security Advisory 5765-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
dfab6913b39748bebfcdb6654b977dbe4d0b99559dd95f8e7705706523881d55OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.
2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.
52b5f1c6b8022bc5868c308c54fb77705e702d6c6f4594f99a0df216acf46239OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.
053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06cOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.
23c666d0edf20f14249b3d8f0368acaee9ab585b09e1de82107c66e1f3ec9533Ubuntu Security Notice 6988-1 - It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. It was discovered that Twisted did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection leading to a cross-site scripting attack.
b3e9ccedfdbf38665257767f0dc668db4901ec80e4f37709d43bcb54502ddae9Backdoor.Win32.Symmi.qua malware suffers from a buffer overflow vulnerability.
0bc924461f903a4b4b69a0e094001ae59f6aed7881aa5a2aff5dfa55c34905b6HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.
574e327046bc7ed7b91b795a2eebcc7e87a001021d334845c357d1bc082517f0Debian Linux Security Advisory 5764-1 - David Benjamin reported a flaw in the X.509 name checks in OpenSSL, a Secure Sockets Layer toolkit, which may cause an application performing certificate name checks to crash, resulting in denial of service.
dbf872d29754a22cae6b26afe4476d039ce5bf85e293b9b862b484c9f5dc17fdBackdoor.Win32.Optix.02.b malware suffers from a hardcoded credential vulnerability.
8c8ad33e111ebd91632229baa25c24e2eb3101bf3951d070074c5b4618e78fcfUbuntu Security Notice 6986-1 - David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possible use this issue to cause a denial of service or expose sensitive information.
4e4ced71393d9b0e6bca8be03216a18e90e10465a4695a4677bf735d58d9bcc9Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) malware suffers from a code execution vulnerability.
efd34490081822962a9907289feb284b29b116cd83a6df573fe5cae3f6d09fb1Backdoor.Win32.PoisonIvy.ymw malware suffers from an insecure credential storage vulnerability.
2a0b97e3b01f0c3a9c85e1a96ede18240c61b21ee538261305346eec34828cd5Ubuntu Security Notice 6981-2 - USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code.
e0c2bcfb7cd5f77e1fac909f4e05b9cd81d53faaf5f7d19ef0e52afe64fba15aUbuntu Security Notice 6987-1 - It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate user emails by issuing password reset requests and observing the outcomes.
f3f2768b2dc77ce49a90cc01a26c241df8af7757a71eacfd0692358e81f14191Online Travel Agency System version 1.0 suffers from a remote shell upload vulnerability.
e1c910902237872a9a7ebb40f19760f24f84f89e4b7e66a2979867c3d7860ef2Red Hat Security Advisory 2024-6297-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.
5cc20428962c5e96e99663eb34b09d3dc7fd62a16878786c5a890e15c6a2adeaRed Hat Security Advisory 2024-6274-03 - Red Hat OpenShift distributed tracing 3.3.0.
8e461c303fc1b59fb9d0099ae9115f1b645327c8b8e7a8d2d8959b891ec556cdTourism Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
db170b3ac31a17248bfa19e67220ae00449f12c6e02e1fc5d27c5fcdf490b79aRed Hat Security Advisory 2024-6268-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
bcaf946a5a71812f65f38fa1422640555bb12eeebf06c04f114413abe56cfb08Red Hat Security Advisory 2024-6267-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
6d7fd01d1e5d53c9f06cc3b67c13d6d2568060479043bc1fdb200e6e4ba66395
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed