Ubuntu Security Notice 3309-2 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.
d2c0c5302f6559086320ecc7ba3af4421baf11d0f0d29206837bd55883c8d012Ubuntu Security Notice 3354-1 - Felix Wilhelm discovered a path traversal vulnerability in Apport when handling the ExecutablePath field in crash files. An attacker could trick a user into opening a specially crafted crash file and execute arbitrary code with the user's privileges.
d23b12ba59af204c5cc0a7994cb118dba5276e4918828e26d2221716a8af6b73Ubuntu Security Notice 3274-2 - USN-3274-1 fixed a vulnerability in icu. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that ICU incorrectly handled certain memory A operations when processing data. If an application using ICU processed A crafted data, a remote attacker could possibly cause it to crash or A potentially execute arbitrary code with the privileges of the user A invoking the program. Various other issues were also addressed.
65f5689b27b022b9425e92be5d0bd4dabc33446115be4104267678813d89a296Red Hat Security Advisory 2017-1766-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
088afa5793e91c519ee5f828bba7a17dd003285a0359e717afe5c0c14d329a65Red Hat Security Advisory 2017-1759-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet.
c15bef609eb1ab913d68d88b4c2dc9457c9749eb8feb7d799a533157a6978ec0Ubuntu Security Notice 3347-2 - USN-3347-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. A Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot A Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and A Yuval Yarom discovered that Libgcrypt was susceptible to an attack via A side channels. A local attacker could use this attack to recover RSA A private keys. Various other issues were also addressed.
cef9c437283906f956e60f6df98ddc0f810f887f63be10ecd8f7232cf64dd7e6Andrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.
91cb2bc988d62a783323447ecb77bf0d50a13e5d484b3ad48a99a46f99980cdfUbuntu Security Notice 3353-2 - USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks.
a459fdb8a6a1a92ac53e727a0c759b4b6fb90e95c344e1abc3d9aad978ed05baUbuntu Security Notice 3353-1 - Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.
e52276393cab19ea039b4059f324c242fe0308ee69241319d25ff56c997063faDebian Linux Security Advisory 3908-1 - An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.
cd5d2384bd7687090fd755285606347e1b18cee5c52c2981199d70b0f3637271Ubuntu Security Notice 3352-1 - It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information.
600f498d7b4084bab728c07868e8b5a07ccd3733023e2b76c91ac8906d9da164Ubuntu Security Notice 3351-1 - Felix Wilhelm discovered that Evince did not safely invoke tar when handling tar comic book files. An attacker could use this to construct a malicious cbt comic book format file that, when opened in Evince, executes arbitrary code. Please note that this update disables support for cbt files in Evince.
3fe5d19b26214d0b95ad2ff9a1f3a7333b9d4af545c0497976e300077f278004Microsoft Windows has a bad fix for the COM session moniker that can allow for elevation of privilege.
0513905439fcd24b1c37ca2f061101e2c62f7d370913d6c5f709593e098f6c5dApache OpenMeetings version 1.0.0 suffers from a denial of service vulnerability.
3aae98e6bf155757ab232e563a55638fd1a73dd88ec8210e426dc12163b6fdbcApache OpenMeetings version 1.0.0 handles user passwords in an insecure manner.
60e6d3ec3efb88c77b2ea7435546183db3b87cdf8ba86b197bd1c15707ddb3a7Apache httpd version 2.4.26 suffers from a read-after-free vulnerability in mod_http2.c.
5788d2bb13675315c4d85719f45460fa96c989f620a7e188f93cc79661354490Apache Open Meetings version 3.2.0 suffers from a cross site scripting vulnerability.
6dc5b8c878736706ddaf3f7fb4778d305e9c05aa6e7469a8eb53fa8b005f1b45All Apache versions through 2.2.33 and 2.4.26 suffer from an uninitialized memory reflection vulnerability in mod_auth_digest.
92719f7ec400c3d1e5ecae67472b60a11b11baa975d0c4396f6d491b24397cccRSA Authentication Manager versions 8.2 SP1 and below suffer from a stored cross site scripting vulnerability.
c31fde5fadca0381720b8ef7d955adfdba08221f05e84439d1f2f7ad01e81ef2Apache OpenMeetings version 3.1.0 has an issue where uploaded XML documents were not correctly validated.
0c40e026169192c4b71818a5573b88f036713a82c8d066a6f1c4209bbd9f92d7Multiple RSA Identity Governance and Lifecycle products suffer from remote file upload and cross site scripting vulnerabilities. Affected products include RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, and RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels.
0f5caa47804fc3e1dd9e10da53b7e9e83f7a1100ba47b413651bbc81681d7173RSA Authentication Manager 8.2 SP1 Patch 2 contains a fix for a brute force PIN-guessing vulnerability. This Self-Service Console vulnerability could potentially be exploited by malicious users and would impact a victim's ability to access protected resources. It requires that the victim's Self-Service Console credentials were compromised.
77aa2d399d4cb516fc5ff38029d6ead28e25e859e723af948bdbc87aeb25d0feEMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R for SAS Solution Packs contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
e6415f53d783cf4db0e45411c0e289224a93bbb7336828a9a2b204e38467e23eRed Hat Security Advisory 2017-1739-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A cross-site scripting flaw was discovered in the OpenStack dashboard which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.
e18207687de7f35cadfe4c6e890cdbe4b2626ac0b5f418ff6563f33d68af607fiSmartAlarm CubeOne fails to validate the server-side SSL certificate.
6f8db5b3ece4e1e602b85d195adbc5b0e5b4dbdf942a6229d0ec3960d6e2bdde
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed