Packet Storm

A vb2_mmap race with vb2_core_reqbufs leads to a use-after-free vulnerability in the Linux videobuf2 system.

In this paper, the author subjects the vulnerable web application vulnweb.com, developed by Acunetix, to security tests. Acunetix is a web application where we can perform legal penetration tests. The author discusses how to infiltrate the target system by acting as a real hacker through this application. Written in Turkish.

Ubuntu Security Notice 5793-1 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 5792-1 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Eatself version 1.1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Excel Net Computer Institute version 4.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.

Control Web Panel 7 versions prior to 0.9.8.1147 suffer from an unauthenticated remote code execution vulnerability.

Ubuntu Security Notice 5791-1 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.

Ubuntu Security Notice 5790-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.