CLSA-2022-1663183381 Fixed CVE-2022-2526 in systemd

CVE-2022-2526: use unref the DnsStream in callbacks correctly...

systemd security update

239-58.0.1.4 - Disable unprivileged BPF by default Orabug: 32870980 - backport upstream pstore tmpfiles patch Orabug: 31420486 - udev rules: fix memory hot add and remove Orabug: 31310273 - fix to enable systemd-pstore.service Orabug: 30951066 - journal: change support URL shown in the catalog...

systemd security update

219-78.0.9.el79.7 - Core: explicitly trigger changing udev systemdwants property Orabug: 31858125 - Disable unprivileged BPF by default Orabug: 32871008 - Resolve missing installation files for systemd-pstore Orabug 32497787 - Change to have file tmpfiles.d/systemd-pstore.conf installed on upon...

URL Redirection to Untrusted Site ('Open Redirect') in next-auth

Impact We found that this vulnerability is present when the developer is implementing an OAuth 1 provider by extension, it means Twitter, which is the only built-in provider using OAuth 1, but upgrading is still recommended. next-auth v3 users before version 3.29.3 are impacted. We recommend...

Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

kernel: perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()

A resource-handling flaw was found in the Linux kernel performance monitoring driver for ARM System Memory Management Unit version 3 in the way hotplug callbacks are registered during driver initialization. If driver registration fails, previously added CPU hotplug callbacks are not removed,...

kernel: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()

A vulnerability was found in the Linux kernel's ethtool implementation in the ioctl handling of coalesce settings, where the system attempts to change coalesce settings using the ethtoolsetcoalesce function without verifying the availability of both the .getcoalesce and .setcoalesce callbacks,...

GSD-2022-1001477 PM: core: keep irq flags in device_pm_check_callbacks()

PM: core: keep irq flags in devicepmcheckcallbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

NextAuth.js default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. We recommend upgrading to v4 in most cases. See our migration guide.next-auth v4 users before version 4.3.2 are impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a...

CVE-2022-24858

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

Design/Logic Flaw

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

EDRSandblast - Tool That Weaponize A Vulnerable Signed Driver To Bypass EDR Detections And LSASS Protections

EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections Kernel callbacks and ETW TI provider and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring. As of release, combination of userland...

WordPress和WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress SpiderCalendar plugin is vulnerable to a cross-site scripting vulnerability that stems from the...

PT-2025-38019

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the login work function and the login thread in the iSCSI target implementation. A malicious initiator sending data immediately after a login PDU can caus...

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

It is an offensive tool for Log4j RCE CVE-2021-44228 vulnerability scanning. The primary CVE ID is CVE-2021-44228. The target product/service is Apache Log4j. The vulnerability class/vector is RCE Remote Code Execution. The probable entry points are scripts/modules such as log4j-scan.py. Notable...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j log4shell CVE-2021-44228 Public IoCs list Public IoCs...

DarkLoadLibrary - LoadLibrary For Offensive Operations

LoadLibrary for offensive operations. How does is work? https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/ Usage DARKMODULE DarkModule = DarkLoadLibrary LOADLOCALFILE, // control flags L"TestDLL.dll", // local dll path, if loading from disk NULL, // DLL Buffer to load from if...

OESA-2021-1211 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.CVE-2020-15469...

PyBeacon - A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python

PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic. It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskings Scripts included There is a small library which includes encryption/decoding methods, however some example scripts are...