nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
d5696dfaabde7f3cff0a0b7283cc85addc4642fd500fafaca647e8710e713d54Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
cc64852e1e0c5bb30ecd052e4a12d5136125a8ce5c3be2efb6fb061c8677e327This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.
1c6d22c62a86e7b5f3dedccebd30589cc4a30d490a6e2f222d47174bbda1bf57Backdoor.Win32.Zombam.h malware suffers from a buffer overflow vulnerability.
892b70638400e26e267979e0f292cfd7f54058b251f75cfd7f94fce12762ffddRed Hat Security Advisory 2021-1213-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
284ff076eab057d3e4bac9fa40530e3047879e2080a548821f6bfdc381353930Red Hat Security Advisory 2021-1214-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
0e0621b3f308786d9649dfae3f567c97cfba95f2ee28620e9b89b63f499ba287Red Hat Security Advisory 2021-1206-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.
cfc2ddbf194ca98e9bd00034d5a3de9b781c3c4eaf8683beb24a941d9f66d122Ubuntu Security Notice 4913-1 - It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code.
4c6a55e29d78dc7260498c3c8540897fb4dd35dc278829d4769947644f086890Red Hat Security Advisory 2021-1202-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and null pointer vulnerabilities.
d298b486b2c549a8e088e04b05a72ab4f8bb78532a52abbdf79f9a27372b8ca5Red Hat Security Advisory 2021-1203-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass and null pointer vulnerabilities.
843c4e4bd39cfea0d38677d1be1f38188426a895786673ecc360bd6def6bd3f1Ubuntu Security Notice 4914-1 - It was discovered that NetworkManager incorrectly handled certain profiles. A local attacker could possibly use this issue to cause NetworkManager to crash, resulting in a denial of service.
3a10fafa334d7b4791e94ae359e5388456be8b53c9a477b36b4803dc880c6e2bRed Hat Security Advisory 2021-1201-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.1.
820794c43836fe077b75190ec69858bae073323c74eae7a8f16a6336ebcd5e5eRed Hat Security Advisory 2021-1200-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Issues addressed include bypass and null pointer vulnerabilities.
2fbf4efc02ab16310a58ac2156fe73aef5b981f4c04d48622018df68de38a4eeRed Hat Security Advisory 2021-1199-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Issues addressed include bypass and null pointer vulnerabilities.
0e48ef5d1c90b0c3e3347e7e3394fcbbb4a23a89d852a417dd2fa1fbe1b32b7dhtmly version 2.8.0 suffers from a persistent cross site scripting vulnerability.
85e18bc2df9abe646cb059b1f16a9324d21a860943c8bb6dfbcd261cfcf66ba6Horde Groupware Webmail version 5.2.22 suffers from a persistent cross site scripting vulnerability.
ac0067ca0ac896cea878797665b7d40d5e0749684dd8782ac6396bcae1757783Tileserver-gl version 3.0.0 suffers from a cross site scripting vulnerability.
452bc88cc7f504133815bce695ed6927383939d2e4ba2b9e34a545b4a73b91ecIn this paper, the authors show that under realistic assumptions, it is indeed possible to bypass TRR directly from JavaScript, allowing attackers to exploit the resurfaced Rowhammer bug inside the browser. In addition, their analysis reveals new requirements for practical TRR evasion. For instance, they discovered that activating many rows in rapid succession as shown in TRRespass may not always be sufficient to produce bit flips. The scheduling of DRAM accesses also plays an important role.
47dfe422ce30e7bc84f40aade82f759d07d143dca97cf56e443b984812de680aThis is a script to trigger (Rowhammer) bit flips on TRR-enabled DDR4 SDRAM through Firefox. It will only work with THP enabled and after having set the target-specific parameters.
e3ccd1bd7189438873b030cfa940e70537dc6e478a0165bb9aa82486581a9aa0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed