what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 14,903 RSS Feed

Local Files

needrestart Local Privilege Escalation
Posted Nov 22, 2024
Authored by Qualys Security Advisory

Qualys discovered that needrestart suffers from multiple local privilege escalation vulnerabilities that allow for root access from an unprivileged user.

tags | exploit, local, root, vulnerability
advisories | CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SHA-256 | 5e1a7285b40cf60a49ec4d0075d1398f00688905145e895ec8cd09d0cc0d9564
Debian Security Advisory 5815-1
Posted Nov 20, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).

tags | advisory, arbitrary, local, root, perl, vulnerability, python, ruby
systems | linux, debian
advisories | CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SHA-256 | 5e41b21d2bd83511831c10a278bb8fee7846b092ba4f682ead33f207de7216f3
Ubuntu Security Notice USN-7119-1
Posted Nov 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7119-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-47188, CVE-2022-36402, CVE-2022-48863, CVE-2023-52531, CVE-2023-52614, CVE-2023-52918, CVE-2024-26607, CVE-2024-26640, CVE-2024-26641, CVE-2024-26668, CVE-2024-26669, CVE-2024-26677, CVE-2024-26885, CVE-2024-26960
SHA-256 | 0ac8232eca124498c64e1f39ff4a55d32797211ade5b92cbb09450e9c8fd78da
Ubuntu Security Notice USN-7089-7
Posted Nov 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7089-7 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39487, CVE-2024-41007, CVE-2024-41012, CVE-2024-41015, CVE-2024-41020, CVE-2024-41022, CVE-2024-41023, CVE-2024-41025, CVE-2024-41030, CVE-2024-41032, CVE-2024-41034
SHA-256 | 3bb4b0009eaad71618f34ff6c752f1f9e4ea79487c66b03cb45903424dfb4988
Ubuntu Security Notice USN-7117-1
Posted Nov 20, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7117-1 - Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed perl code. This could allow a local attacker to execute arbitrary shell commands.

tags | advisory, arbitrary, shell, local, root, perl
systems | linux, ubuntu
advisories | CVE-2024-10224, CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SHA-256 | 243f9908492121d33be291aab7ae169001482e1d128c0417a2f83b5ed1d56c6e
Ubuntu Security Notice USN-7116-1
Posted Nov 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7116-1 - It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated.

tags | advisory, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2024-9287
SHA-256 | 446a88199d9186d03c7cdc7b5e4b83cd8d96c3cfc050d5bbded309e03b02cb0c
Ubuntu Security Notice USN-7089-6
Posted Nov 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7089-6 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2024-25741, CVE-2024-39487, CVE-2024-41015, CVE-2024-41017, CVE-2024-41019, CVE-2024-41020, CVE-2024-41021, CVE-2024-41023, CVE-2024-41025, CVE-2024-41028, CVE-2024-41030, CVE-2024-41031, CVE-2024-41032
SHA-256 | 515b12c4124017f9c9b2a16d46a9bd62684fd3cd10bf1db6c2b42939bd7a194a
Ubuntu Security Notice USN-7088-5
Posted Nov 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7088-5 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-47212, CVE-2022-36402, CVE-2023-52614, CVE-2023-52918, CVE-2024-26668, CVE-2024-26669, CVE-2024-26885, CVE-2024-26891, CVE-2024-27051, CVE-2024-35848, CVE-2024-36484, CVE-2024-38602, CVE-2024-38611, CVE-2024-41012
SHA-256 | c4e7f1b5ea3bf3722a4cbe7f2f32f3a71766382741673a08f931c00204a0c5a6
Ubuntu Security Notice USN-7089-5
Posted Nov 15, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7089-5 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39486, CVE-2024-39487, CVE-2024-41007, CVE-2024-41010, CVE-2024-41015, CVE-2024-41018, CVE-2024-41019, CVE-2024-41020, CVE-2024-41021, CVE-2024-41025, CVE-2024-41028
SHA-256 | 38c2b5bbf914d159a695ab1789496137c8c27f28f851de9815a9296aa57c2bde
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
Posted Nov 14, 2024
Authored by Andreas Kolbeck, Steffen Robertz | Site sec-consult.com

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.

tags | exploit, arbitrary, local
advisories | CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879
SHA-256 | f3ace4f4cb5b84a560a9593357976ec236f7e116327a16dffefa142cb8440217
HASOMED Elefant / Elefant Software Updater Data Exposure / Privilege Escalation
Posted Nov 11, 2024
Authored by Daniel Hirschberger, Florian Stuhlmann | Site sec-consult.com

HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities.

tags | exploit, local, vulnerability
advisories | CVE-2024-50588, CVE-2024-50589, CVE-2024-50590, CVE-2024-50591, CVE-2024-50592, CVE-2024-50593
SHA-256 | 08569aaf8d9ee2326579f45288b32f5dc1f2f9623687358b993634b1d5424d28
Ubuntu Security Notice USN-7088-4
Posted Nov 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7088-4 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-47212, CVE-2022-36402, CVE-2023-52531, CVE-2023-52918, CVE-2024-26668, CVE-2024-26669, CVE-2024-26891, CVE-2024-27051, CVE-2024-38602, CVE-2024-40929, CVE-2024-41011, CVE-2024-41012, CVE-2024-41015, CVE-2024-41022
SHA-256 | d8177c3b5ff3c3d3fda97932c7f3da74d07c7efb90a9240a35307b994d06b627
Ubuntu Security Notice USN-7095-1
Posted Nov 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7095-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39487, CVE-2024-41010, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41018, CVE-2024-41020, CVE-2024-41022, CVE-2024-41023, CVE-2024-41025, CVE-2024-41030
SHA-256 | a4c004e708b8e009bd474230b3de263f849417dad8771ca66e1ac6f371604336
Ubuntu Security Notice USN-7089-3
Posted Nov 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7089-3 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39487, CVE-2024-41010, CVE-2024-41015, CVE-2024-41020, CVE-2024-41021, CVE-2024-41025, CVE-2024-41027, CVE-2024-41028, CVE-2024-41030, CVE-2024-41034, CVE-2024-41037
SHA-256 | 10729d56a83995eb3098226ea10515d8f81f274ad50de359cbac115b9ca988c3
Gentoo Linux Security Advisory 202411-03
Posted Nov 6, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202411-3 - A vulnerability has been discovered in Ubiquiti UniFi, which can lead to local privilege escalation. Versions greater than or equal to 8.5.6 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2024-42028
SHA-256 | d56c39f89a71ea1dec14a5c05c8223e6616375383cb115eb91d3c75cb96595c7
Ubuntu Security Notice USN-7088-3
Posted Nov 6, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7088-3 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-47212, CVE-2022-36402, CVE-2023-52531, CVE-2023-52614, CVE-2023-52918, CVE-2024-26640, CVE-2024-26641, CVE-2024-26668, CVE-2024-26891, CVE-2024-38602, CVE-2024-38611, CVE-2024-40929, CVE-2024-41012, CVE-2024-41015
SHA-256 | 07a058d393aeb3ca0e8521b79d58db34aa38d2a713a564c2cb964636e33b13cc
Ubuntu Security Notice USN-7089-2
Posted Nov 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7089-2 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2024-25741, CVE-2024-39486, CVE-2024-39487, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41019, CVE-2024-41020, CVE-2024-41025, CVE-2024-41027, CVE-2024-41029, CVE-2024-41030, CVE-2024-41031
SHA-256 | 817e5bf8246382082ac9d9cd3facb86957ad9411468075631d38d06ead217a6d
Ubuntu Security Notice USN-7088-2
Posted Nov 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7088-2 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-47212, CVE-2022-36402, CVE-2023-52614, CVE-2023-52918, CVE-2024-26607, CVE-2024-26641, CVE-2024-26668, CVE-2024-26891, CVE-2024-36484, CVE-2024-38602, CVE-2024-38611, CVE-2024-41012, CVE-2024-41017, CVE-2024-41020
SHA-256 | 313e20a45455cc6eb16fd12695e979b334e4b0d1bcb777bf49b1e6a869f75909
TOR Virtual Network Tunneling Tool 0.4.8.13
Posted Nov 4, 2024
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is minor release fixing an important client circuit building (Conflux related) bug which lead to performance degradation and extra load on the network. Some minor memory leaks fixes as well as an important minor feature for pluggable transports.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 9baf26c387a2820b3942da572146e6eb77c2bc66862af6297cd02a074e6fba28
IBM Security Verify Access 32 Vulnerabilities
Posted Nov 4, 2024
Authored by Pierre Kim | Site pierrekim.github.io

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution
advisories | CVE-2022-2068, CVE-2023-30997, CVE-2023-30998, CVE-2023-31001, CVE-2023-31004, CVE-2023-31005, CVE-2023-31006, CVE-2023-32328, CVE-2023-32329, CVE-2023-32330, CVE-2023-38267, CVE-2023-38368, CVE-2023-38369, CVE-2023-38370
SHA-256 | bbe5e2c1ca7d3b42c24076cc8aa46544dec9bd260d2ef8b56f24a6ec52ecd952
Ubuntu Security Notice USN-7090-1
Posted Nov 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7090-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39487, CVE-2024-41015, CVE-2024-41019, CVE-2024-41020, CVE-2024-41021, CVE-2024-41023, CVE-2024-41025, CVE-2024-41030, CVE-2024-41033, CVE-2024-41034, CVE-2024-41035
SHA-256 | 6a9d3a1e4a4fbe85e4992cff08c3e238393e2444832e21faf50c67f89ed19bf6
Ubuntu Security Notice USN-7089-1
Posted Nov 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7089-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39487, CVE-2024-41007, CVE-2024-41015, CVE-2024-41018, CVE-2024-41019, CVE-2024-41020, CVE-2024-41022, CVE-2024-41025, CVE-2024-41028, CVE-2024-41030, CVE-2024-41032
SHA-256 | ddf1e0bbd10d1ef692ad8303eb3ecdabeb9f0701fc3cf00afbec1c110f39b6a2
Ubuntu Security Notice USN-7088-1
Posted Nov 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-47212, CVE-2022-36402, CVE-2023-52918, CVE-2024-26607, CVE-2024-26641, CVE-2024-26668, CVE-2024-26669, CVE-2024-26891, CVE-2024-27051, CVE-2024-36484, CVE-2024-38602, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017
SHA-256 | 45049820bd4e0d7ebd34214af28ac0de01bc1555af2b52dcd9fceee216485cbb
Vendure Arbitrary File Read / Denial Of Service
Posted Oct 24, 2024
Authored by EQSTLab, Rajesh Sharma | Site github.com

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing /../.

tags | exploit, arbitrary, local
advisories | CVE-2024-48914
SHA-256 | 44947878b2d27713e2c8036a90034febca1e8b498dc37d99f640f1008b48d55c
Ubuntu Security Notice USN-7042-3
Posted Oct 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7042-3 - USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

tags | advisory, remote, arbitrary, local, protocol
systems | linux, ubuntu
advisories | CVE-2024-47176
SHA-256 | bcfb45a99344cfbb1e508b8fa8b50297a7f22efed18b112b2d79da6dc19b12cd
Page 1 of 597
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close