what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-11-29

Debian Security Advisory 4050-1
Posted Nov 29, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4050-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-14316, CVE-2017-14317, CVE-2017-14318, CVE-2017-14319, CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597
SHA-256 | a529e71e47e45bfddd90466706afd9373a145cba82a1e0b55cb9002972cff57a
Hipchat For Mac 4.x Remote Code Execution
Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat for Mac desktop client versions prior to 4.30 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2017-14586
SHA-256 | 8d4ee003b008842df1a8bbe4503c53d309960157148ffac1215331883d3d8291
Mac OS X Root Privilege Escalation
Posted Nov 29, 2017
Site metasploit.com

This Metasploit module exploits a serious flaw in Mac OS X High Sierra. Any user can login with user "root", leaving an empty password.

tags | exploit, root
SHA-256 | dd129338b035d1f1252020b0fcad4403a67d63fb88369b316e4ae2fb47bd5adc
Kernel Live Patch Security Notice LSN-0032-2
Posted Nov 29, 2017
Authored by Benjamin M. Romer

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux
advisories | CVE-2017-10911, CVE-2017-12153, CVE-2017-12154, CVE-2017-14140
SHA-256 | 4ac498fe64bdf58c75838bf98a75ded8239a7ff13c95ce564a4824dd91f56222
Asterisk 13.17.2~dfsg-2 Memory Exhaustion
Posted Nov 29, 2017
Authored by Juan Sacco

Asterisk version 13.17.2~dfsg-2 suffers from a remote unauthenticated memory exhaustion vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 99d7d993e299b93cfe3175432dc128f681f04cd24bad4088cf2c8831bddb04c6
Ubuntu Security Notice USN-3499-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3499-1 - It was discovered that Exim incorrectly handled certain BDAT data headers. A remote attacker could possibly use this issue to cause Exim to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-16944
SHA-256 | 84f6e7318add2363801a7c087f557e0bfddc5858647315c8653fcfcb594b870e
Ubuntu Security Notice USN-3501-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3501-1 - It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-16612
SHA-256 | 8533f39168f2a2d6205e712f40adfbaf90b4d8e07d352222a21441228524870d
Ubuntu Security Notice USN-3500-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3500-1 - It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2017-16611
SHA-256 | b53da59663327cdf80b5b7d9f88bd1b1f437c9713750218a9ffa0d56f2f3808f
Hipchat Data Center / Hipchat Server Code Execution / SSRF
Posted Nov 29, 2017
Authored by Matthew Hart

Hipchat Data Center and Hipchat Server suffer from server-side request forgery and remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2017-14585
SHA-256 | 85ff28883c85d9d50aed28fb22e57f0ab765ebcb2f08baf9a4d008871ee54eb5
Synology StorageManager 5.2 Remote Command Execution
Posted Nov 29, 2017
Authored by securiteam

Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.

tags | exploit, remote, cgi, root
SHA-256 | 8b6426fb7ecab4c3be36761c437ebb2dc9019377c22d2acbac83d341781b3249
Ubuntu Security Notice USN-3498-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3498-1 - Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10. It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-8816, CVE-2017-8817
SHA-256 | 650767a44353568490e38105acd3e0afe1602b6c2b58241f68d62f5dae049444
Ubuntu Security Notice USN-3497-1
Posted Nov 29, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3497-1 - It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. Gaston Traberg discovered that the Serialization component of OpenJDK did not properly limit the amount of memory allocated when performing deserializations. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388
SHA-256 | 5b6e1cbb08aebbd2d544357da18dc70e489442ccb7b7c6b9b67ccfd975ff3593
Red Hat Security Advisory 2017-3278-01
Posted Nov 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3278-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2017-14746, CVE-2017-15275
SHA-256 | de1f8ce0c545dd5e721901bd69c8576b25fd91fc7c1a1fc6417acc89c997fbbd
Red Hat Security Advisory 2017-3277-01
Posted Nov 29, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3277-01 - The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Security Fix: A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2017-1000198, CVE-2017-1000199, CVE-2017-1000200, CVE-2017-1000201
SHA-256 | aaf6c821ca36f84890f09f4ef1269c388be4499cfef38eeaf3932641c32909bc
QEMU 2.10 Buffer Overflow
Posted Nov 29, 2017
Authored by Eric Blake

QEMU version 2.10 suffers from an NBD server long export name stack buffer overflow vulnerability. This was introduced with commit f37708f6b8.

tags | exploit, overflow
advisories | CVE-2017-15118
SHA-256 | 277647ab6158dac34428dd403eed4332179003f05cbb61e8622a3af2e5efdef8
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close