Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
c9a43894b87502a5f69efdb97dee637c9dd4d2c5dfef1c9d79b9d406adafdb76Debian Linux Security Advisory 5615-1 - It was discovered that runc, a command line client for running applications packaged according to the Open Container Format (OCF), was susceptible to multiple container break-outs due to an internal file descriptor leak.
a959e4508099a43ffce4457a32f3fdcb636129404d0c2704c808e2edae17a68fUbuntu Security Notice 6592-2 - USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter.
8b05812f1564de798f6fac3b6ba6391af039f74309ab8408b47cb1ef70eee3faThis Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is granted by setting the Sites/Devices/Data permission in the General Administration section.
b4ef67908324e2b53eac068bc36847b4c86d487875706d6d2339e053cc3970f0Gentoo Linux Security Advisory 202402-10 - Multiple vulnerabilities have been found in NBD Tools, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.24 are affected.
83b8d46f9c09fea3e5f24332fab518cfa8353b71b47ad892281a37e40beacce2runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.
c42842f57bc20a342f98ba3468fd922f4034a579676faa1da23d0d71f03b5e91Debian Linux Security Advisory 5614-1 - Two vulnerabilities were discovered in zbar, a library for scanning and decoding QR and bar codes, which may result in denial of service, information disclosure or potentially the execution of arbitrary code if a specially crafted code is processed.
8622812f88e985e7306821abbdc0f758934b8fa49410f0223dd4e05e28a1acdbSISQUAL WFM version 7.1.319.103 suffers from a host header injection vulnerability.
999fb99ba1eaa913b2e2c723b3bae263813d0e1ac23dcb4ed598112369465431Ubuntu Security Notice 6622-1 - David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. Sverker Eriksson discovered that OpenSSL incorrectly handled POLY1304 MAC on the PowerPC architecture. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.
ff69da46815898e29a74d2a9b2e923d655291a8edb80d059ecf7a44b3dc0eeb1Apple Security Advisory 02-02-2024-1 - visionOS 1.0.2 addresses a code execution vulnerability.
ef7c480cac8065bb23e20b2d4701f7e2cac7122e19abb127d2d019d5b25e894aMilesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption.
4791d7ca6f5a11b71148995110e315c6b6ea98632d3810a0ca1aeb9e961c9eb3Gentoo Linux Security Advisory 202402-9 - Multiple out-of-bounds read vulnerabilities have been discovered in Wireshark. Versions greater than or equal to 4.0.11 are affected.
aedd47a5fac11b07ba34143204f93f64bc085e816f7faf686f4d18430bed47d4Sumatra PDF version 3.5.2 suffers from a DLL hijacking vulnerability.
260431c4bf718f16940d65c7a74690e935f1132e5750593158b7961d93c3e061Gentoo Linux Security Advisory 202402-8 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Versions greater than or equal to 3.0.10 are affected.
21ad378435b07083191f0c5fc69298cd031080be76d8665f35aae2aacebb11f1Gentoo Linux Security Advisory 202402-7 - Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 4.16.6_pre1 are affected.
19872780145bfa0c32c4309b28ecde3c62c36daf70f877bcfa9b07a713bfd2baWordPress Simple URLs plugin versions prior to 115 suffer from a cross site scripting vulnerability.
c30a14aad4b176fcca47e0448ca0f4736ce2e14ebe3feb095662f74d88b72153Gentoo Linux Security Advisory 202402-6 - Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. Versions greater than or equal to 2.13.0 are affected.
2332b930c1bc02b4c15052d2dd556f55c348f922103bdae172fa61778f27d3efGym Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original credit for this finding goes to Jyotsna Adhana in October of 2020 but uses a different vector of attack for this software version.
c0f2d33a4c3991ea99477e6d1d0b6c609743f37a52348c26fa084cc05b9df687Gentoo Linux Security Advisory 202402-5 - Multiple vulnerabilities have been discovered in Microsoft Edge, the worst of which could lead to remote code execution. Versions greater than or equal to 120.0.2210.61 are affected.
c844eb6242995346f26fd4f6088786fbcb1b77133dff69f6873e1a0045401326Gentoo Linux Security Advisory 202402-4 - A vulnerability has been discovered in GNAT Ada Suite which can lead to remote code execution. Versions prior to 2019-r2 are affected.
36a43e2ded398a3755890db87828d0b486520c2a8a1e13a524cbc8a5ff206c35WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability.
c220ac742e0433187b0d69c0b84acee272914b285cfb7aab956f93dfb9bd2fceGentoo Linux Security Advisory 202402-3 - Multiple vulnerabilities have been discovered in QtGui which can lead to remote code execution. Versions greater than or equal to 5.15.9-r1 are affected.
29abf5245e675ff4a969b993e3b6f8e40d58919eb43e3ef6ff64ed7c35ecd325Gentoo Linux Security Advisory 202402-2 - A vulnerability has been discovered in SDDM which can lead to privilege escalation. Versions greater than or equal to 0.18.1-r6 are affected.
6b963f4bd06c531eca044b5135208a427fda74b10ead04703ae9d3458fab5725MISP version 2.4.171 suffers from a persistent cross site scripting vulnerability.
c46d1b01317a56d0c3ca6306f105dceaf23c7eb41b768453a59fb637c41d5e3e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed