packetstormsecurity.comPacket Storm

exploit the possibilities Register | Login Files News Users Authors Home Files News &[SERVICES_TAB] About Contact Add New Europol Confirms Incident Following Alleged Auction Of Staff Data Ascension Making Progress After Ransomware Attack Dell Says Info Leaked After Hacker Claims Access To 49M Records NATO Draws A Cyber Red Line In Tensions With Russia Recent Files All Exploits Advisories Tools Whitepapers Other Debian Security Advisory 5688-1 Posted May 13, 2024 Authored by Debian | Site debian.org Debian Linux Security Advisory 5688-1 - It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened. tags | advisory , arbitrary systems | linux , debian Download | Favorite | View Debian Security Advisory 5687-1 Posted May 13, 2024 Authored by Debian | Site debian.org Debian Linux Security Advisory 5687-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4671 exists in the wild. tags | advisory , denial of service , arbitrary , info disclosure systems | linux , debian Download | Favorite | View Kemp LoadMaster Local sudo Privilege Escalation Posted May 13, 2024 Authored by bwatters-r7 , Dave Yesland | Site metasploit.com This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such, if the file is overwritten with an arbitrary file, it will still auto-elevate. This module overwrites the /bin/loadkeys file with another executable. tags | exploit , arbitrary Download | Favorite | View Gentoo Linux Security Advisory 202405-33 Posted May 13, 2024 Authored by Gentoo | Site security.gentoo.org Gentoo Linux Security Advisory 202405-33 - Multiple vulnerabilities have been discovered in PoDoFo, the worst of which could lead to code execution. Versions greater than or equal to 0.10.1 are affected. tags | advisory , vulnerability , code execution systems | linux , gentoo Download | Favorite | View Gentoo Linux Security Advisory 202405-32 Posted May 13, 2024 Authored by Gentoo | Site security.gentoo.org Gentoo Linux Security Advisory 202405-32 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.10.0 are affected. tags | advisory , remote , vulnerability , code execution systems | linux , gentoo Download | Favorite | View Gentoo Linux Security Advisory 202405-31 Posted May 13, 2024 Authored by Gentoo | Site security.gentoo.org Gentoo Linux Security Advisory 202405-31 - A vulnerability has been discovered in Kubelet, which can lead to privilege escalation. Versions greater than or equal to 1.28.5 are affected. tags | advisory systems | linux , gentoo Download | Favorite | View Ubuntu Security Notice USN-6771-1 Posted May 13, 2024 Authored by Ubuntu | Site security.ubuntu.com Ubuntu Security Notice 6771-1 - It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service. tags | advisory , denial of service systems | linux , ubuntu Download | Favorite | View Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting Posted May 13, 2024 Authored by malvuln | Site malvuln.com Panel.SmokeLoader malware suffers from cross site request forgery, and cross site scripting vulnerabilities. tags | exploit , vulnerability , xss , csrf Download | Favorite | View Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting Posted May 13, 2024 Authored by malvuln | Site malvuln.com Panel.SmokeLoader malware suffers from a cross site scripting vulnerability. tags | exploit , xss Download | Favorite | View Esteghlal F.C. Cross Site Scripting Posted May 13, 2024 Authored by E1.Coders Esteghlal F.C.’s site suffers from a cross site scripting vulnerability. tags | exploit , xss Download | Favorite | View Red Hat Security Advisory 2024-2822-03 Posted May 13, 2024 Authored by Red Hat | Site access.redhat.com Red Hat Security Advisory 2024-2822-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability. tags | advisory , denial of service systems | linux , redhat Download | Favorite | View Red Hat Security Advisory 2024-2821-03 Posted May 13, 2024 Authored by Red Hat | Site access.redhat.com Red Hat Security Advisory 2024-2821-03 - An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. tags | advisory systems | linux , redhat Download | Favorite | View Red Hat Security Advisory 2024-2820-03 Posted May 13, 2024 Authored by Red Hat | Site access.redhat.com Red Hat Security Advisory 2024-2820-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability. tags | advisory , denial of service systems | linux , redhat Download | Favorite | View Red Hat Security Advisory 2024-2817-03 Posted May 13, 2024 Authored by Red Hat | Site access.redhat.com Red Hat Security Advisory 2024-2817-03 - An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. tags | advisory systems | linux , redhat Download | Favorite | View Red Hat Security Advisory 2024-2816-03 Posted May 13, 2024 Authored by Red Hat | Site access.redhat.com Red Hat Security Advisory 2024-2816-03 - An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. tags | advisory systems | linux , redhat Download | Favorite | View Red Hat Security Advisory 2024-2815-03 Posted May 13, 2024 Authored by Red Hat | Site access.redhat.com Red Hat Security Advisory 2024-2815-03 - An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. tags | advisory systems | linux , redhat Download | Favorite | View Arm Mali 5th Gen Dangling ATE Posted May 13, 2024 Authored by Jann Horn , Google Security Research In mmu_insert_pages_no_flush(), when a HUGE_HEAD page is mapped to a 2M aligned GPU address, this is done by creating an Address Translation Entry (ATE) at MIDGARD_MMU_LEVEL(2) (in other words, an ATE covering 2M of memory is created). This is wrong because it assumes that at least 2M of memory should be mapped. mmu_insert_pages_no_flush() can be called in cases where less than that should be mapped, for example when creating a short alias of a big native allocation. Later, when kbase_mmu_teardown_pgd_pages() tries to tear down this region, it will detect that unmapping a subsection of a 2M ATE is not possible and write a log message complaining about this, but then proceed...