Ubuntu Security Notice 6021-1 - It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of bounds in WebHID. A remote attacker could possibly use this issue to corrupt memory via a malicious HID device, resulting in a denial of service, or possibly execute arbitrary code.
faee70205285f8a8eea1bdb1c67f4cfd98cea70644374972723c122737ddaafdUbuntu Security Notice 6020-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
9f8a525bced3457cbb2ffef2d4c8ab52e3e2a9ca5102fcd46297cebb9d8ad5bdUbuntu Security Notice 6018-1 - Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulnerability in apport-cli when viewing crash reports and unprivileged users are allowed to run sudo less. A local attacker on a specially configured system could use this to escalate their privilege.
a2ab38b1ea2440929f757f965c0d178ce1dba9f6d4528d4b595a40f0c633f0c7Ubuntu Security Notice 6019-1 - It was discovered that Flask-CORS did not properly escape paths before evaluating resource rules. An attacker could possibly use this to expose sensitive information.
12e1c98e648293f1b66a4d11e12c17b778a10e2da4d45986da8978a1f8da0a77Debian Linux Security Advisory 5388-1 - It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this flaw to cause an information leak.
b6c11ab5bb87b337ebbaed8f8330591ab80b9bb08c699ec66294fce4540dec2bDebian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.
82a5b3a701e6d9d96e91e26773ef14cfb1515c5e42ade293fed2ce433bd1f0c0I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
f53f34fbe23a8762e3786572751b301befb28288efb6b1042d4fc64c6610784fUbuntu Security Notice 6017-1 - Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
8a359cbdab74e99b960cd11f68d30ea4b17fdb818e2b6bac32b5fd878cb98b28Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
4da5e4e91e49992633a6024ce10afe6441255b2775a8f20f1ef188bd1129ac66Ubuntu Security Notice 6016-1 - It was discovered that thenify incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.
cffd640c08f6a5d8c5818ed9a4d1a5454a2911c1167dac162cd1bcfe3b5e93abMicrosoft Word appears to suffer from a remote code execution vulnerability when a user load a malicious file that reaches out to an attacker-controller server to get a hostile payload.
8ab600383b2980700b22b249418126bff6776fde4672ab8d2e1bbd8b3c50a7f2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed