Ubuntu Security Notice 3290-1 - Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer truncation. A local attacker could use this to cause a denial of service.
563dfece3f8a1381536c36b79fbc4030397cf159f54546dca4e75ff220374ea6Ubuntu Security Notice 3278-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
5918077f633274f279ab87c4b055ad1b8af6e26633eab66e02241fb795da1fa5Mozilla Firefox version 52.02 and Tor Browser version 6.5.1 suffer from a denial of service vulnerability.
f0e5b537ef26ae911e34540be077e56bc1b0d16a55ab119f95a081e6a4574c9cUbuntu Security Notice 3275-2 - USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.
4f21667f05e9140f4f1c8350046f6031922bc511769015c43e35d6c0ce3b2c5cRed Hat Security Advisory 2017-1232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
5320ffedef283ff1f76aecce917fe67e21a02ba281439a96af56abccb5937cffRed Hat Security Advisory 2017-1233-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
aa5c908b13897fd2c9c4cf722fa84fe657869cd1437682227963a27f534ffa96Ubuntu Security Notice 3272-2 - USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Various other issues were also addressed.
89c2956bcc647b7f0010cbff3cb81eb6291d199296a26e5a2dd4b1eacc632b49Ubuntu Security Notice 3289-1 - Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
dde5185a850c3ac4a506f63cc22dbe863cf22505aee84dd81835562d4980c02aHP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.
397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1bApple Security Advisory 2017-05-15-7 - Safari 10.1.1 is now available and addresses denial of service, spoofing, code execution, and various other vulnerabilities.
f184953a7037280d7e4e373cfd587685f3e1437bdc9f7b89a0745d9c829ee388Apple Security Advisory 2017-05-15-6 - iTunes 12.6.1 is now available and addresses memory corruption issues.
15175fee8a41ad4cab3937c3fca580d717aedde85bec2691e3a21ba00c8dd8efUbuntu Security Notice 3288-1 - It was discovered that libytnef incorrectly handled malformed TNEF streams. If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code.
0bd4647cbf3608a8faab43b87222895eed8cee87221307f7e8b473c98e823c9fApple Security Advisory 2017-05-15-5 - iCloud for Windows 6.2.1 is now available and addresses memory corruption issues.
1050246e681450942693f3382f1b2ecf40b18c05b1a5676f21f38239abba21f6Apple Security Advisory 2017-05-15-4 - watchOS 3.2.1 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
cf0bfa4226002838972ba9c0e3f6481f00d38377970bfca121c3f6a42cc11d2aApple Security Advisory 2017-05-15-3 - tvOS 10.2.1 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
779674addaa1654d40d2e4065c9f2ddff94260c3da33d4a8ac031a2f79f2f303Apple Security Advisory 2017-05-15-2 - iOS 10.3.2 is now available and addresses memory corruption, code execution, and various other vulnerabilities.
f5820ea52b00fc116734e8b0de08fa5acad42cef92c5e3010010e8bff44f5ceaSecunia Research has discovered a vulnerability in FLAC, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "read_metadata_vorbiscomment_()" function (stream_decoder.c), which can be exploited to cause a memory leak via a specially crafted FLAC file. The vulnerability is confirmed in version 1.3.2. Other versions may also be affected.
d03ed41c1a85fa12e6800c764a04ca3563c34ca3fa216a796399c5524c580f65LibRaw version 0.18.1 suffers from a parse_tiff_ifd() memory corruption vulnerability.
8f498d873a6b8b8c276e753027950cf8851c888b2c1ac2b4664ef5afe3b545a7Ubuntu Security Notice 3286-1 - Sebastian Krahmer discovered that the KDE-Libs Kauth component incorrectly checked services invoking D-Bus. A local attacker could use this issue to gain root privileges.
03634ccbfa798acc61ee8d677328fe1fb99e3ebe3ef1b6c3b445f79614923931Debian Linux Security Advisory 3853-1 - It was discovered that bitlbee, an IRC to other chat networks gateway, contained issues that allowed a remote attacker to cause a denial of service (via application crash), or potentially execute arbitrary commands.
0ae2e756d359a8f85cd211d2cdafd6d770efd1a4c760cdf700690643e939498bUbuntu Security Notice 3287-1 - Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. A remote attacker could possibly use this issue to run an interactive pager and access sensitive information.
cdf148f00c10d4f5548f08bb4b5ceaa61ba376f7096316241c0b5a359617d8ceApple Security Advisory 2017-05-15-1 - macOS 10.12.5 is now available and addresses certificate validation, privilege escalation, and various other vulnerabilities.
c8e7fabadfea08c552a96a322996223bd75739ad1b76b9e5498a79914d41c38aHPE Security Bulletin HPESBHF03745 1 - Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code. Revision 1 of this advisory.
0646540abc5b9cb35be636b8edae10d681619ef40750475d661504a25f0e469aVarious Mimosa products suffer from denial of service, information leakage, code execution, and file disclosure vulnerabilities.
7a6b33948781fb136bf41b92bc58cc0a1e46942a8f3b19bcf9a9eab576873d05Red Hat Security Advisory 2017-1230-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection.
b65e6e58ed27babdee15105ea19a10437baad7a98432bf586ba47d5a3562cd81
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed