Micro Focus Security Bulletin MFSBGN03798 1 - A potential security vulnerability has been identified in Micro Focus Universal CMDB. The vulnerability could be remotely exploited to allow Arbitrary Code Execution. Revision 1 of this advisory.
ef656714eb766f4da9920fcb4a9bd2827d80e3782688917d45e50599af3aa1fc
Debian Linux Security Advisory 4120-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
a3ad2e617997e88d89ce295b5ac578ee9ff2374ed457833cbc29838bab220a36
Ubuntu Security Notice 3578-1 - It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. It was discovered that WavPack incorrectly handled certain CAF files. An attacker could possibly use this to cause a denial of service.
fb13b38146725c5c5fd257cc3e8744b5c27c09e4a580a2bb1eb8ac425bf50e20
Debian Linux Security Advisory 4121-1 - This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.
3bbb62982b5848237a966c9a6da4fbdf339539dd7c8d552a64ee86eac064387a
Ubuntu Security Notice 3582-2 - USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
daa9be69cc0ac61cf74de6fe2e6ae8532732593d73b9cc8f758d6d65ec8f7b0f
Ubuntu Security Notice 3582-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
c5c51d5b650dde114c7cbd8f0482d085b4d9cee329060fb6a96e4903ef4497ab
Ubuntu Security Notice 3581-2 - USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
09b282ea0a79f98a93d584876e7479d8f059a39e4d821c376c122b737b1ab335
Ubuntu Security Notice 3581-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code, Various other issues were also addressed.
72190ac8eaccc600ec27952b41a18832d109cc859d108ebfc84e36135c4a891f
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMSLLHOOKSTRUCT (via user-mode callback).
39ed1a553dc5ba7854bda24d96724a606df94f6824a594b2c558d95999b97f8b
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback).
9db2b6a2f72313734343e3ae0ca5ed65c710e29ce3e096990cacc40fef35204e
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMOUSEHOOKSTRUCTEX (via user-mode callback).
9dc16fe0d908112819abe13e59b6af859aefcf4bc80c0dab0b2d415048277088
The 64-bit Windows kernel suffers from a pool memory disclosure vulnerability in win32k!SfnINOUTLPWINDOWPOS (via user-mode callback).
1eed7b00222e29c978acb68fc8864908886b54f016ea6b4c09c3f1a9b30a0409
Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.
734a98cbfc15f0c966a37c25c2d8f7d0f898a4d44f03218af7d92ba501bc2d76
Windows suffers from a Constrained Impersonation Capability privilege escalation vulnerability.
ed784628f28f7517017e042c1ef0ae076e0055b7540f2b38df01d9eb8b3f0cf9
The Windows Kernel suffers from double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass.
04bd702a96710210ed2281a1b45d1698d4d195df575dc55bd9e354d475aaef45
Windows StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file security descriptor overwrite vulnerability that allows for privilege escalation.
76ff500de37c611d2bfcf33767cff37b09da85a8307edfdee626783a4fb7a6df