RSA OneStep is potentially affected by a path traversal vulnerability. Attackers could potentially exploit this vulnerability to access unauthorized information by supplying specially crafted strings in input parameters of the application. Versions 6.9 prior to build 559 are affected.
d03b4b51818c3702e50eb4646e8c602ca6e5e245e452febf9a09050e7347f504FreeBSD Security Advisory - In rpcbind(8), netbuf structures are copied directly, which would result in two netbuf structures that reference to one shared address buffer. When one of the two netbuf structures is freed, access to the other netbuf structure would result in an undefined result that may crash the rpcbind(8) daemon. A remote attacker who can send specifically crafted packets to the rpcbind(8) daemon can cause it to crash, resulting in a denial of service condition.
3878ab5590562a5fd5ca50aa28fff88a0aafae68e4b7788d01ccb77fe3e7103dKaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected.
1c99f00ec0d2ed27ea5157a13205f5e690ec57a19a7df31ce5375b1b3e123c64Mitsubishi Melsec FX3G-24M suffers from a denial of service vulnerability.
11305edb69fbaa63801ee810fdf8c773dad4fb7309cec538b632d1ce094cd87eRSA Web Threat Detection versions prior to 5.1 SP1 suffer from information disclosure and privilege escalation vulnerabilities.
2024bffad25c1834ef402bcbdfd21f38a0a47c4ad346146576728f0000db62fcWestern Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from a command injection vulnerability.
5d13f0de1e0b2a53135158203c1905e87a858a9bdaaed71017ec7b5b3450f136Red Hat Security Advisory 2015-1841-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site. All Chromium users should upgrade to these updated packages, which contain Chromium version 45.0.2454.101, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
456b42479e1bee74eee40f4fe565aa49f0e5a59ac2e3de9a9a161243c0c64bbeRed Hat Security Advisory 2015-1840-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon parsed certain Basic Encoding Rules data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
2b8db859613f053e6c09246eb10db2943893cddb4c9cda9cb50ffde1360f2a63Ubuntu Security Notice 2752-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
43c8af60617a3cb82c13b8eea007dc203afb51c8b9ee1c3bc727f761b34d969cUbuntu Security Notice 2751-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
405924714667abca6dd52a948eb668373582fe5cba40c4a1e880bf55c253e392Ubuntu Security Notice 2749-1 - Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
1ad33970177e89c201e06657bf2522131da69327d6e514c9f7cc7029cbe0d992Ubuntu Security Notice 2750-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.
84ba5906bcfde9a5c24394d70086061660eaebde607ead784b3440ce4c078184Ubuntu Security Notice 2753-1 - Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container.
bf728d8d9557ae32a0f457e004e3e1252ff88f1b5ac7dfef985bd1728212d762The JSON parser in freeswitch versions prior to 1.6.2 and 1.4.23 suffer from a heap overflow vulnerability.
de3aaff5638707412bde78c6ccb88f499aec5c4ddc637410c1b6a1234caa7426WordPress mTheme-Unus theme versions prior to 2.3 suffer from a local file inclusion vulnerability.
12285bc1e496cd6d4315b9ec60b09a7ec673603539932383c3d6766aa6187a63
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed