This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against windows 7 x86, windows 7 x64 and windows server 2008 R2 standard x64.
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
This Microsoft bulletin summary lists a new CVE that has been added to the October advisory.
Viprinet VPN Hub Router suffers from a persistent cross site scripting vulnerability.
WiFiRanger version 7.0.8rc3 suffers from an incorrect access control that allows for ftp retrieval of an RSA identity that an attacker can use to ssh in as root.
CA Technologies Support is alerting customers to a low risk issue with CA Identity Governance. In a certain product configuration, an attacker can gain sensitive information. CA published solutions to address the vulnerability. The vulnerability occurs due to how CA Identity Governance responds to login requests. An attacker may exploit the vulnerability to enumerate account names. Affected products include CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 and CA Identity Governance 12.6, 14.0, 14.1, and 14.2.
libSSH suffers from an authentication bypass vulnerability.
Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.
iOS and macOS suffers from a sandbox escape due to trusted length field in shared memory used by the HID event subsystem.
The Apple Intel GPU driver suffers from use-after-free and double-delete issues due to bad locking.
iOS suffers from a kernel stack memory disclosure due to failure to check copyin return value.
iOS and macOS suffer from sandbox escape vulnerabilities due to MIG failing to use correct out-of-line descriptor lengths when parsing reply messages.
iOS and macOS suffer from a sandbox escape vulnerability due to failure to comply with MIG object lifetime semantics in the iohideventsystem_client subsystem.
iOS and macOS suffers from a kernel memory corruption vulnerability due to integer overflow in IOHIDResourceQueue::enqueueReport.
iOS and macOS suffers from a sandbox escape vulnerability due to mach message sent from shared memory.
The iOS kernel suffers from a use-after-free vulnerability due to bad error handling in personas.
Red Hat Security Advisory 2018-2949-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include out-of-bounds write vulnerability.
Red Hat Security Advisory 2018-2946-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. The RHOAR Eclipse Vert.x 3.5.4 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.3, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.4 release, see the release notes in the References section. Issues addressed include an API validation flaw and a problem where the WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake.
Red Hat Security Advisory 2018-2944-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.
Red Hat Security Advisory 2018-2945-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Spring Boot 1.5.16 serves as a replacement for RHOAR Spring Boot 1.5.15, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include a denial of service vulnerability.
Ghostscript has an issues where callers of a procedure are not forced to be properly marked as executeonly or pseudo-operators, allowing for the ability to take complete control of it.
The Linux BPF verifier has an issue where 32-bit RSH verification does not truncate input before the ALU op.
Linux suffers from a semi-arbitrary task stack read on ARM64 (and x86) via /proc/$pid/stack.
Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.
OwnTicket version 1.0 suffers from a remote SQL injection vulnerability.
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed