Packet Storm

Red Hat Security Advisory 2024-4420-03 - An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.10.

Red Hat Security Advisory 2024-4316-03 - Red Hat OpenShift Container Platform release 4.16.2 is now available with updates to packages and images that fix several bugs and add enhancements.

This archive contains three proof of concepts exploit for multiple Microsoft SharePoint remote code execution vulnerabilities.

Ivanti Endpoint Manager (EPM) 2022 SU5 and prior versions are susceptible to an unauthenticated SQL injection vulnerability which can be leveraged to achieve unauthenticated remote code execution.

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 3.x.x release.

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 2.19.x release that reaches end-of-life at the end of 2024.

Gentoo Linux Security Advisory 202407-23 - Multiple vulnerabilities have been discovered in LIVE555 Media Server, the worst of which could lead to a denial of service. Versions greater than or equal to 2021.08.24 are affected.

Ubuntu Security Notice 6886-1 - It was discovered that the Go net/http module did not properly handle the requests when request\'s headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Go net/http module did not properly validate the subdomain match or exact match of the initial domain. An attacker could possibly use this issue to read sensitive information. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Ubuntu Security Notice 6880-1 - Sam Shahsavar discovered that Apache Tomcat did not properly reject HTTP requests with an invalid Content-Length header. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks.

Ubuntu Security Notice 6885-1 - Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly sent certain request URLs with incorrect encodings to backends. A remote attacker could possibly use this issue to bypass authentication.