Dell Customer Connect (DCCService.exe) version 1.3.28.0 suffers from a local privilege escalation vulnerability.
01adb10edf42c5c531eefc99d7226ee312a57ead81179ddea9469321e3875f5eOpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. This code is a proof of concept exploit.
075e41464f5a5b594ef398cfbdc839e338020d08e61a4d818296c681db42b4d7Ubuntu Security Notice 3266-2 - USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.
38bf0e1ebe7b487031f7f129018d145bb062758b3fcb637423c23f99910dc876Ubuntu Security Notice 3265-1 - It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. Various other issues were also addressed.
458544e325eb238c58004371dbe9356a95171c61c3dbdaeb26265ab61d0a46c5Ubuntu Security Notice 3265-2 - USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
0c9967de91275097ac2b964a5f5f15ab25ba17e3a65406a24207ac40379c8d83Ubuntu Security Notice 3266-1 - Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.
388005729548db4ef2fb458e260c25a00a658e1fc5e6cc30a86ff9544d66f5cdUbuntu Security Notice 3264-2 - USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
08bd22ddd449f23f83690f03bef696d4220beacfda3e370c51c533548712002aUbuntu Security Notice 3267-1 - Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.
380cf9bf4beda1eda84eea11a36b4452ad006b1cfa8e93c8e4f2d3defff5110cUbuntu Security Notice 3268-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
55219cd93a67e26cc2c98285217c82a6a4c4a415f32a2bc50c406be0dfd12705Ubuntu Security Notice 3264-1 - Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service.
5617bdc6e6c1ccc15c09b9257b1ec4cce82e101317b00bd377fd23662ed06fa8Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
df5e943771e59fc2289df3af757bd1a57e0e1c52504d2a66c7b611ab1f057e98Debian Linux Security Advisory 3833-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
8d692af2b943bea43208aef15f7da5e70206cdcf1a91c28cbe75076b9a37add4Red Hat Security Advisory 2017-1126-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
34d392e00adb86300a44fe21a8d79fc93f1e9dbf79ba5dc3b3e00240e2bbc6beRed Hat Security Advisory 2017-1125-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
7112adc140cf091a6d4e364b6e09c73a98b1eea23f7cd1fef5eb48900766f898Red Hat Security Advisory 2017-1124-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 58.0.3029.81. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
e325fa775ede1fe0fa9d26ba89abf5e87c0e726c82d6a6adb5a3e13ea26b42d1OXATIS 2017 suffers from a cross site scripting vulnerability.
b4ff5aa49a3b93d6b92ea4d397b075e42df21186055dbc33740a7c44b12f9701
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed