Packet Storm

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Debian Linux Security Advisory 5802-1 – Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Sysax Multi Server version 6.9.9 suffers from an SSH related denial of service vulnerability.

Sysax Multi Server version 6.9.9 suffers from a cross site scripting vulnerability.

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected.

ESET NOD32 Antivirus version 18.0.12.0 suffers from an unquoted service path vulnerability.

SQLite3 suffers from a stack buffer underflow condition in seriesBestIndex in the generate_series extension.

khugepaged in Linux races with rmap-based zap, races with GUP-fast, and fails to call MMU notifiers.

Red Hat Security Advisory 2024-8425-03 – Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-8318-03 – Logging for Red Hat OpenShift – 5.6.25.

Red Hat Security Advisory 2024-7323-03 – Logging for Red Hat OpenShift – 5.6.24.

Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection, to abuse API query filters in order to obtain managed and/or internal user’s passwords in either plaintext or encrypted variants, based on configuration. The API clearly prevents the password in either plaintext or encrypted to be retrieved by any other means, as this field is set as protected under the User object. However, by injecting a malicious query filter, using password as the field to be filtered, an attacker can perform a blind brute-force on any victim’s user password details (encrypted object or plaintext string).

ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.

This archive contains all of the 128 exploits added to Packet Storm in October, 2024.

Debian Linux Security Advisory 5801-1 – Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.

Xlibre Xnest versions 24.1.0 and 24.2.0 suffer from a buffer overflow vulnerability that affected Xorg.

Ubuntu Security Notice 7090-1 – Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7089-1 – Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.

SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.

SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

Ubuntu Security Notice 7088-1 – Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Apple Security Advisory 10-29-2024-1 – Safari 18.1 addresses an information leakage vulnerability.

Red Hat Security Advisory 2024-8729-03 – An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.