This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.
2e3040700072408f7b3e65366db82fb095611d37a4356fc577ee4baae450cfbaThis advisory discusses a Microsoft Windows kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile.
79957168f93861bbb46f21290a78b65b360080d54ec073682cd4e16fbff74b4bThe Microsoft Windows kernel pool suffers from a nt!RtlpCopyLegacyContextX86 related memory disclosure vulnerability.
9b0a218fd882e743c80327592b205f6e39c6228c5a3712d6268189b601f7b6ccDebian Linux Security Advisory 3999-1 - Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).
bbccd2dbf27455717295f61b841a4fcef26948a1a53f5e1bcd8dac20bc273919Gentoo Linux Security Advisory 201710-16 - A vulnerability found in Shadow may allow remote attackers to cause a Denial of Service condition or produce other unspecified behaviors. Versions less than 4.5 are affected.
2561b8b5111e5c41d59c002a90f8845ee3941649bcfa081a3ec3b3616b119217Gentoo Linux Security Advisory 201710-15 - A null pointer dereference in GnuTLS might allow attackers to cause a Denial of Service condition. Versions less than 3.5.13 are affected.
dc316e44c0b32de61fc10a02b2052b8f20b1341351d338cc9fd277321c0d3a54Micro Focus Security Bulletin MFSBGN03786 1 - A potential security vulnerability has been identified in the HPE Connected Backup agent. This vulnerability could be exploited locally to allow escalation of privilege. Revision 1 of this advisory.
645e93f923e00d0379ce02cc0a2311eae2738cd3a0bb7fd0a6743ee9451e3085Gentoo Linux Security Advisory 201710-14 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.16.6:4 are affected.
43af8a0df16e4463cc90e2e2043b2cd7b5b2bdc65c3a1be2521e687ee036d9baGentoo Linux Security Advisory 201710-13 - Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.3.10 are affected.
1fc515997811b48f7dcb764101edd9caa941f703833a6e6b6e19790194606b3cGentoo Linux Security Advisory 201710-12 - Multiple vulnerabilities have been found in Puppet Agent, the worst of which could result in the execution of arbitrary code. Versions less than 1.7.1 are affected.
98ba217a20c5de0270877d47a6ee84b96fc1c1aa0a4a90589175211bd14fafb9Gentoo Linux Security Advisory 201710-11 - Multiple vulnerabilities have been found in GNU Libtasn1, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 4.12-r1 are affected.
92685fe57fb041330c8430e99dbda671722ae6b1569e6f5a603ccc70b49f2c7dGentoo Linux Security Advisory 201710-10 - Multiple vulnerabilities have been found in elfutils, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 0.169-r1 are affected.
70260518685556fb869ffc6423adb02280c238fa013e7c02fbd51c084cc9df76Red Hat Security Advisory 2017-2889-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.6 serves as a replacement for Red Hat JBoss BPM Suite 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.
c7939695f10427358e0414e6351cb34199efeae8c63812b03e4d3398c8445f7eRed Hat Security Advisory 2017-2888-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.6 serves as a replacement for Red Hat JBoss BRMS 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
3868ecc1e90ce4272d7616c38753626b0c309d2d00f48fc2957ac96090c42f3bUbuntu Security Notice 3454-1 - It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code.
9c72c1d14fa10516f5f75ad3bfcbe7d7d72f85da27d6cda0bc94aadd14534cd2Ubuntu Security Notice 3453-1 - Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly replace shared memory segments of other X clients in the same session. Michal Srb discovered that the X.Org X server incorrectly handled XKB buffers. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code. Various other issues were also addressed.
b2bc0f9775721eb3fa681f9707487f1f1193a79c9e6a1a262256218faff14edbRed Hat Security Advisory 2017-2886-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Security Fix: An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote attacker with access to the MySQL port could use this flaw to crash the mysqld daemon.
ab4e92004548788c79614f7c05b6d2c3c3448effbadd3ccabd3acbab1019e604Red Hat Security Advisory 2017-2885-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
5f20f5f2c4f99fbad3690c5cf29d0ddabb96dc263218b04ecf736509078ebd75Red Hat Security Advisory 2017-2882-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.
b294ae7843b44eeda61772103e1aa5e29e1103d47f3fd1e06ae69f27761915deUbuntu Security Notice 3452-1 - It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list bucket contents via a URL. Diluga Salome discovered that Ceph incorrectly handled certain POST objects with null conditions. A remote attacker could possibly use this issue to cuase Ceph to crash, resulting in a denial of service. Various other issues were also addressed.
d0c4dbab4d999caaccd4e408ea4c5e060bec46f1b4a9923abaf76b2c18d3879dUbuntu Security Notice 3451-1 - It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. Romain Le Disez and Arjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. Various other issues were also addressed.
70e90fd9f9d13513b72ce23eb9a5afc5589f7b785f6e14f8d84470b767224214Ubuntu Security Notice 3450-1 - Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. It was discovered that Open vSwitch incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. Various other issues were also addressed.
7451dfdaef4bf81cb411c0d38bdcc733cd605995d8a39176c7e352bf54a51ee0Ubuntu Security Notice 3449-1 - George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. Various other issues were also addressed.
a1c121127571465465556c60817389564c88cc2b4526a38cad3b673cd9b43192Ubuntu Security Notice 3448-1 - Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations.
c17d9dfabe42e69aeb2a88ad9d00135975ba69cdd7efa593c4a28685c4d015ddUbuntu Security Notice 3447-1 - Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrect protected against cross-site scripting attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.
53a3044240cbe88ed44bc7604ffffe0d572d14209249f0931744fb0afe88c512
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed