Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.
9740a4e0b25da98023aa4b00d3dc186e1ae19f18ff322ffbd1efa8acd634f49aThis is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed "Zenith".
f22b0bbebc02dcb6a99ac3ba69f3035afdd6f068fcdb759ca5eac85fee0a77ceTask Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
19d5f8c5ea06895a1df525a3f2aa900e859bf45ece3512286a979c45e7883470Debian Linux Security Advisory 5644-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or leaks of encrypted email subjects.
52c9ec4f8c2d47616afc49e17f3a3b204457658b0cbdb5e77c7a81280f8c2fceDebian Linux Security Advisory 5643-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.
a448517a42a8f898647c5aa7c7b1e0258fff75928a056aa5b3eb6c5fe41ab76bUbuntu Security Notice 6708-1 - It was discovered that Graphviz incorrectly handled certain config6a files. An attacker could possibly use this issue to cause a denial of service.
87c56dd2a6e4a9f5eb5b6002def5a0ee55ce8cfd12daff0edd58f64d95d3c0e5Ubuntu Security Notice 6709-1 - It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.
a3c85443f6ce0636dc4acc75b294ee38bc75374485acad341a73a787d547a0cbUbuntu Security Notice 6700-2 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
4c2466c5a1092f0062ced6462c5b58b113956d4b9c6caa9042e032feef05a6f5Ubuntu Security Notice 6704-2 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
f06bcd3c690a7a1a9aa03506a63b723e669f5ad31c8c9917af3280e58f9883e5Red Hat Security Advisory 2024-1473-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
d3e0c922c524bbf1d29c4d55dda3a429b8c2019757212b8b0de9e7d5deb1f340Red Hat Security Advisory 2024-1472-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.
5f645f06f6c84589dda4aabe3ce13b56b1e7f110aa5cfb218ca59eaa261e5d5cRed Hat Security Advisory 2024-1468-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a memory leak vulnerability.
04acb2d2456fffc7f4ec7acde25b31ce6e592eb03027eb856ee8eb1ed609286aThis whitepaper shows that the security threat from DMPs is significantly worse than previously thought and demonstrates the first end-to-end attacks on security-critical software using the Apple m-series DMP. Undergirding the author's attacks is a new understanding of how DMPs behave which shows, among other things, that the Apple DMP will activate on behalf of any victim program and attempt to leak any cached data that resembles a pointer.
a26af7248f3a7458c6db704eb23699f3163f79dcf78ceedd895d0097eb93941b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed