Ubuntu Security Notice 2619-1 - A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
3ef6936a70c7ad0d26493e6f0c68650c10610d099531f5352d1c0c438fb0cef7Fuse (fusermount) suffers from a local privilege escalation vulnerability. This is a proof of concept for Ubuntu.
b50e101f0fd8a29c70f51dd4db578306c1a77f5520e6a8b981293987baf4ba67The named pipe, \SUPipeServer, can be accessed by normal users to interact with the System update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. Please, note that the System Update is stopped by default but can be started/stopped calling the Executable ConfigService.exe.
a1b4e2c233f7b4436e33e4531fa6f85ed939d5f69470091600ce9b27ca87965aAIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
f07611383390a88b0484807dc1dc34c2502a7b89eb92b376706498b7319dbd13TCPDF library versions 5.9 and below suffer from an arbitrary file deletion vulnerability via object injection.
d85aaaf04782eae8912ed94a4cb59fce8b367a908734638e2ca9f22c8b5e762cDebian Linux Security Advisory 3270-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
8873a7dbfa5c7d4cef87a54d372d9f9dca054e3d4a6a2892b4b2e81cb7efebdfTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
b88b363896454250c3f561b0b48479f18295c93596d2e81baa10c5a3ae609a76WordPress Video Gallery plugin version 2.8 fails to protect email functionality allowing it to be leveraged for spam.
b38dfee27a4c0e1d32faae66624c949bb13653c914e633032fe3b5a39ed22b21Ubuntu Security Notice 2617-2 - USN-2617-1 fixed a vulnerability in FUSE. This update provides the corresponding fix for the embedded FUSE copy in NTFS-3G. Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges. Various other issues were also addressed.
999753c1af436edaf4b010cca89b890cd02bd39ab54ca4d50a31b2b1039d399aDebian Linux Security Advisory 3267-1 - Several vulnerabilities were discovered in the chromium web browser.
13fb1c54b3fd812086ec0f10830e7f77c85dfe9d2207d97d1c96fa6ae51587e4Debian Linux Security Advisory 3268-1 - Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.
61313a9cfb45bc2e5acc0db1d9cbaf904414c932f54e3c13ce85700ecd2a1772Core Security Technologies Advisory - Sendio ESP (E-mail Security Platform) is a network appliance which provides anti-spam and anti-virus solutions for enterprises. Two information disclosure issues were found affecting some versions of this software, and can lead to leakage of sensitive information such as user's session identifiers and/or user's email messages.
e11474848d575d94bc3dada06c86583e82c5a7ffe114e1c931a34769da9a4783WordPress WP Membership plugin version 1.2.3 suffers from a privilege escalation vulnerability.
e61bf669773c2f5f27ac77cb45ed738f2bf04021b88a306527b0fb6085f0a6e2HP Security Bulletin HPSBMU03336 - A potential security vulnerability has identified with HP Helion OpenStack. The vulnerability could be exploited resulting in Denial of Service (DoS) or execution of arbitrary code. Revision 1 of this advisory.
7704cc07176751fa9734b71a387deda7db02facc204f3c1ed040b34d5919fac8WordPress WP Membership plugin version 1.2.3 suffers from a stored cross site scripting vulnerability.
36766decc9aa89c69fc6d423d64aea2c87507fd96654d86e772666c5f5bca00aHostBox SSH is a python script will scan servers and routers for insecure SSH configurations.
b55137452b2a45adab3c782adc62d4c2c7ca8f68e4dd4c9594cfb5c4e7811d02Webgrind version 1.1 suffers from a cross site scripting vulnerability.
f01bd61532fe3b683730775cbcfec3d84aa16dcf6f66290d250b764307171fffSolarWinds Network Performance Monitor suffers from an open redirection vulnerability.
98bee185bf6b9834e8b2f02f00c6e2a8718feccef211264df1ada93450f87cb5Pluck CMS version 4.7.2 suffers from a directory traversal vulnerability.
7c7078ee34086c1d03364e33d9933840fb1aa284905363a1dd5744811240593fDebian Linux Security Advisory 3261-2 - The update for libmodule-signature-perl issued as DSA-3261-1 introduced a regression in the handling of the --skip option of cpansign. Updated packages are now available to address this regression.
9ffc4469303f301df36794486ac0079019697babb1f1ea0fe27496723ad2f9bcUbuntu Security Notice 2610-1 - Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. A use-after-free was discovered in the WebAudio implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.
2a50faac12225b647dab0436c87afb4bd9c0fc7f2a04a3d6ef3ceca5b75660f1Ubuntu Security Notice 2618-1 - It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code.
ae358f0ed8c43202affc6d2a54cee752c5e32f2a4e9b99adbe57dd70437963a2Debian Linux Security Advisory 3266-1 - Tavis Ormandy discovered that FUSE, a Filesystem in Userspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.
c9b513c810f42744dffe969ba1742503b406d74fc6d9acf60cf4363bf131a9d5Jackrabbit versions 2.x suffer from a WebDAV XXE injection vulnerability. Included are details and patches.
6408e65868c52858ab9e20f4d7de9fc89e4df4439e5fa505f752b7ed50030fc8Ubuntu Security Notice 2609-1 - Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. Philip Pettersson discovered that Apport contained race conditions resulting core dumps to be generated with incorrect permissions in arbitrary locations. A local attacker could use this issue to gain elevated privileges. Various other issues were also addressed.
1d961a91e6e6862b495af5e72c592de9ee5d3c3dd5177f97473b7c7b4a16db20
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed