CVE-2023-52516

In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call dmaentryalloccheckleak under freeentrieslock dmaentryalloccheckleak calls into printk - serial console output qcom geni and grabs port-lock under freeentrieslock spin lock, which is a reverse locking...

DEBIAN-CVE-2023-52516

In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call dmaentryalloccheckleak under freeentrieslock dmaentryalloccheckleak calls into printk - serial console output qcom geni and grabs port-lock under freeentrieslock spin lock, which is a reverse locking...

CVE-2023-52516

In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call dmaentryalloccheckleak under freeentrieslock dmaentryalloccheckleak calls into printk - serial console output qcom geni and grabs port-lock under freeentrieslock spin lock, which is a reverse locking...

CVE-2023-52516 dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock

In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call dmaentryalloccheckleak under freeentrieslock dmaentryalloccheckleak calls into printk - serial console output qcom geni and grabs port-lock under freeentrieslock spin lock, which is a reverse locking...

CVE-2023-52516 dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock

In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call dmaentryalloccheckleak under freeentrieslock dmaentryalloccheckleak calls into printk - serial console output qcom geni and grabs port-lock under freeentrieslock spin lock, which is a reverse locking...

CVE-2023-52516

In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call dmaentryalloccheckleak under freeentrieslock dmaentryalloccheckleak calls into printk - serial console output qcom geni and grabs port-lock under freeentrieslock spin lock, which is a reverse locking...

BoidCMS 2.0.0 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BoidCMS Command Injection', 'Description' = %q This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and...

HTTP/2 Cleartext Upgrade Support Detected

The HTTP/2 protocol is usually negotiated over the TLS application layer protocol negotiation extension TLS-ALPN. A persistent HTTP/2 connection can also be made from a HTTP/1.1 request using the Upgrade header with the h2c value to specify a cleartext communication. The scanner detected that the...

OESA-2024-1198 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP wi...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp, python-time-machine (SUSE-SU-2024:0577-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0577-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parse...

USN-6642-1 bind9 vulnerabilities

Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. CVE-2023-4408 Elias Heftrig, Haya Schulmann,...

CVE-2023-5517

...

Updated bind packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. CVE-2023-4408 Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. CVE-2023-5517 Enabling both DNS64 and serve-stale may cause an assertion...

SMB Fetch, Windows x64 Reverse HTTP Stager (winhttp)

Fetch and execute an x64 payload from an SMB server. Tunnel communication over HTTP Windows x64 winhttp Module Options msf use payload/cmd/windows/smb/x64/vncinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

SMB Fetch, Windows Meterpreter Shell, Reverse TCP Inline x64

Fetch and execute an x64 payload from an SMB server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/smb/x64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf...

SMB Fetch, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

SMB Fetch, Windows x64 Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an SMB server. Spawn a piped command shell Windows x64 staged. Connect back to the attacker Module Options msf use payload/cmd/windows/smb/x64/shell/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf...

SMB Fetch, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

SMB Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Module Options msf use payload/cmd/windows/smb/x64/meterpreter/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and...

SMB Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTIO...