Twenty Year Anniversary
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-08-17

Ubuntu Security Notice USN-3395-1
Posted Aug 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3395-1 - It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-1000381
MD5 | d2cce8e48df03fe7df069e3d6ead86af
Ubuntu Security Notice USN-3394-1
Posted Aug 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3394-1 - It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-11423, CVE-2017-6419
MD5 | 4f87d43d2be9a216285585808f4b1c2e
Ubuntu Security Notice USN-3393-1
Posted Aug 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3393-1 - It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6418, CVE-2017-6419, CVE-2017-6420
MD5 | 838ab7426ef1a766d55b7c8f9669078f
Tenshi Log Monitoring Program 0.16
Posted Aug 17, 2017
Authored by Andrea Barisani | Site dev.inversepath.com

tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.

Changes: PID file is now created before dropping privileges (CVE-2017-11746). Removed old redhat, solaris and suse init scripts. Rewrote and simplified the OpenRC init script. Renamed the "gentoo" init script to "openrc". Throttled monitoring loop on empty reads. Added options for listening on Redis queues (redisqueue, redisserver).
tags | tool, system logging
systems | unix
MD5 | 9512bfe87adac0c5d113661314158e23
Red Hat Security Advisory 2017-2489-01
Posted Aug 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2489-01 - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2017-1000115, CVE-2017-1000116
MD5 | d8aca43735ba972fb53be71326d4f3c6
Debian Security Advisory 3928-2
Posted Aug 17, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3928-2 - The update shipped in DSA 3928-1 failed to build on the mips, mipsel and powerpc architectures for the oldstable distribution (jessie). This has been fixed in 52.3.0esr-1~deb8u2.

tags | advisory
systems | linux, debian
advisories | CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809
MD5 | f8ffe2607beda5e41f6f8336af63750d
Gentoo Linux Security Advisory 201708-02
Posted Aug 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201708-2 - Multiple vulnerabilities have been found in TNEF, the worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 1.4.15 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2017-6307, CVE-2017-6308, CVE-2017-6309, CVE-2017-6310, CVE-2017-8911
MD5 | 309c1baeaaf32d9b2c2233305fe8299b
Gentoo Linux Security Advisory 201708-01
Posted Aug 17, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201708-1 - Multiple vulnerabilities have been found in BIND, the worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 9.11.1_p1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778, CVE-2017-3135, CVE-2017-3136, CVE-2017-3137, CVE-2017-3138, CVE-2017-3140, CVE-2017-3141
MD5 | 2917b6b36052180ced3593bd414af9f8
Red Hat Security Advisory 2017-2486-01
Posted Aug 17, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2486-01 - Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can use Java. Security Fix: It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.

tags | advisory, java, remote, code execution, python, ruby
systems | linux, redhat
advisories | CVE-2016-6814
MD5 | 5b48c38a82a5183a49596ef0d8575696
Adobe Flash Invoke Accesses Trait Out-Of-Bounds
Posted Aug 17, 2017
Authored by Google Security Research, natashenka

The included proof of concept file causes the traits of an ActionScript object to be accessed out of bounds in Adobe Flash. This can probably lead to exploitable type confusion.

tags | exploit, proof of concept
advisories | CVE-2017-3106
MD5 | 89963b5c1486fe1be37d6ac1b5c9eec1
Microsoft Edge Chakra Incorrect Jit Optimization
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Yet another finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.

tags | exploit
advisories | CVE-2017-8601
MD5 | bdb1cf3e206e20716cc1331d5db8586b
Microsoft Edge Chakra EmitNew Integer Overflow
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an integer overflow vulnerability in EmitNew.

tags | exploit, overflow
advisories | CVE-2017-8636
MD5 | 8345cf786d59f19382f074d30d3d7a64
Microsoft Edge Chakra Parser::ParseFncFormals Uninitialized Arguments
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability in Parser::ParseFncFormals with the "PNodeFlags::fpnArguments_overriddenInParam" flag.

tags | exploit
advisories | CVE-2017-8670
MD5 | a0bb4862186218d2082f06418fe41eef
Microsoft Edge Chakra Uninitialized Arguments
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability.

tags | exploit
advisories | CVE-2017-8640
MD5 | 254b2f18f283725c45ea772937348381
Microsoft Edge Chakra JavascriptFunction::EntryCall Mishandled CallInfo
Posted Aug 17, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Charka does not handle CallInfo properly in JavascriptFunction::EntryCall.

tags | exploit
advisories | CVE-2017-8671
MD5 | ca7cefcfefb9812efa9d1102c48d1f49
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    2 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close