Untangle NGFW versions 12.1.0 Beta and below execEvil() authentication root command injection exploit.
6b6b9f55e4e0320da456dbd48649b468e11cad30e125d2f8cbdbf12e0f473a27Ubuntu Security Notice 3017-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
79f36f91ab71a9288eb4ac5bd94a84055fe207a3b8ffde26e2b998bac448de0bUbuntu Security Notice 3017-2 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
9a2ae0d9a1ce7f3c114d1711ce02b4e07a2fdfe9dd0b82dad517fe7ff5247145Red Hat Security Advisory 2016-1341-01 - The kernel-rt package contain the Linux kernel, the core of any Linux operating system. This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and provides a number of bug fixes.
d575326270c1ed2341561383bf71c876563587ce203f19a644eee79474e53727Ubuntu Security Notice 3016-3 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
4a46c330fbc5d59fcecbb0755e870ff87b7bc2891a32e3f9e0bc14cf19ac7aa1Gentoo Linux Security Advisory 201606-17 - Multiple vulnerabilities have been found in hostapd and wpa_supplicant, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.5 are affected.
5d7af6d69f7d7ea29cb1b7d706cf8f37dc0cd7148f64745c77580d11fd656ddeRiverbed SteelCentral NetProfiler and NetExpress versions 10.8.7 and below suffer from command injection, privilege escalation, local file inclusion, account hijacking, and remote SQL injection vulnerabilities.
00ab1d582827932b2ba3b410528854489b8967d3984a75bb1c14cd8cdf9bae86Ubuntu Security Notice 3016-2 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
3b960ba01dd7b794aef265df87941a0121a7b266f1c50456a9f279d9ccd0c927Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the lastest versions of Encripto's Maligno and Pcapteller.
864bbff45b523909afdd66be5c8db8e1600deb37c0595b635a7b5803b4788e83Ubuntu Security Notice 3016-1 - Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. Various other issues were also addressed.
b7b6569c094d6e250336c05cb6c8a2054aae6090826ed99ebac47b7a65fba9bdiBilling version 3.7.0 suffers from multiple stored and reflective cross site scripting vulnerabilities.
90c8a074050732437227d5b545e662c2703b13765c44c9ecfda872f7e4a5d9d0The CloudGate M2M gateway from Option suffers from an insecure direct object reference that allows for authorization bypass as well as cross site scripting vulnerabilities.
1004def6073bda6407b393c2311d74ac79b0df7f786b39ba8e7a5bac5dd631c3Multiple Panda Security products are vulnerable to local privilege escalation. As the USERS group has write permissions over the folder where the PSEvents.exe process is located, it is possible to execute malicious code as Local System.
f2c3335b56476d81d249fe69f248bb45a5f8e46e582bf79a99ae8afe17b0dee0Gentoo Linux Security Advisory 201606-16 - A buffer overflow in PLIB might allow remote attackers to execute arbitrary code. Versions less than 1.8.5-r1 are affected.
1c00e066fb23540a9ad5a677e16190d40daf940bd0c13db2d78f895381422e5dGentoo Linux Security Advisory 201606-15 - Multiple vulnerabilities have been found in FreeXL, allowing remote attackers to executive arbitrary code or cause Denial of Service. Versions less than 1.0.1 are affected.
66447f4605cfc40f3673194b46cfdc8235c53aa2e27abc0a1bc15530254a1485Gentoo Linux Security Advisory 201606-14 - Multiple vulnerabilities have been found in ImageMagick including overflows and possible Denials of Service. Versions less than 6.9.0.3 are affected.
70b73520d788fbcf5fd3bcbbb0cfc03ecd29886963a4711f6ca6c91671edb703
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed