Ubuntu Security Notice 5527-1 - It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary HTML or JavaScript code to obtain sensitive information including user information, session cookies and valid credentials.
45daf753e998edd792b4728e6f35f35c6493b1e6cc974ee1082da7f33c59b2dc
HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no Wi-Fi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired Ethernet, then the Wi-Fi settings won't be adjusted, and a rogue AP with the SSID "davinci" can be associated to the camera to provide a new attack vector via Wi-Fi to a wired network camera. Tested on firmware versions 5.3.0, 5.4.0, and 5.4.5 and model number DS-2CD2432F-IW.
f5308846195618c1d90deb701b32687a1044057024da5ebb8faa201a03647d06
Ubuntu Security Notice 3487-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5d3daa3acae196e215ffb752dacad9fbeacb9381db28059612dbc4bf68e35c68
Check_mk versions 1.2.8p25 and below suffer from a save_users() race condition that leads to sensitive information disclosure.
3817f4097ba3c193b240667f3e9f94890b3c36bbafc096a89f647938a535aa59
AlienVault USM version 5.4.2 suffers from a cross-site request forgery vulnerability.
b5e6ee31b1a3e5fd0aa449ccfe7c7f88fc5ec5d1636f74a41f4ea05671f70da8
IBM InfoSphere Information Server / DataStage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities.
ea53053471a3eeb44443432b6095afa188583cf9617704a2e1f792491a59b12a