Ubuntu Security Notice 2619-1 - A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
3ef6936a70c7ad0d26493e6f0c68650c10610d099531f5352d1c0c438fb0cef7
Fuse (fusermount) suffers from a local privilege escalation vulnerability. This is a proof of concept for Ubuntu.
b50e101f0fd8a29c70f51dd4db578306c1a77f5520e6a8b981293987baf4ba67
The named pipe, \SUPipeServer, can be accessed by normal users to interact with the System Update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. Note that the System Update service is stopped by default but can be started or stopped by calling the executable ConfigService.exe.
a1b4e2c233f7b4436e33e4531fa6f85ed939d5f69470091600ce9b27ca87965a
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers, and so on.
f07611383390a88b0484807dc1dc34c2502a7b89eb92b376706498b7319dbd13
TCPDF library versions 5.9 and below suffer from an arbitrary file deletion vulnerability via object injection.
d85aaaf04782eae8912ed94a4cb59fce8b367a908734638e2ca9f22c8b5e762c
Debian Linux Security Advisory 3270-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
8873a7dbfa5c7d4cef87a54d372d9f9dca054e3d4a6a2892b4b2e81cb7efebdf
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
b88b363896454250c3f561b0b48479f18295c93596d2e81baa10c5a3ae609a76
WordPress Video Gallery plugin version 2.8 fails to protect email functionality, allowing it to be leveraged for spam.
b38dfee27a4c0e1d32faae66624c949bb13653c914e633032fe3b5a39ed22b21
Ubuntu Security Notice 2617-2 - USN-2617-1 fixed a vulnerability in FUSE. This update provides the corresponding fix for the embedded FUSE copy in NTFS-3G. Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges. Various other issues were also addressed.
999753c1af436edaf4b010cca89b890cd02bd39ab54ca4d50a31b2b1039d399a
Debian Linux Security Advisory 3267-1 - Several vulnerabilities were discovered in the chromium web browser.
13fb1c54b3fd812086ec0f10830e7f77c85dfe9d2207d97d1c96fa6ae51587e4
Debian Linux Security Advisory 3268-1 - Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.
61313a9cfb45bc2e5acc0db1d9cbaf904414c932f54e3c13ce85700ecd2a1772
Core Security Technologies Advisory - Sendio ESP (E-mail Security Platform) is a network appliance which provides anti-spam and anti-virus solutions for enterprises. Two information disclosure issues were found affecting some versions of this software, and can lead to leakage of sensitive information such as users' session identifiers and/or users' email messages.
e11474848d575d94bc3dada06c86583e82c5a7ffe114e1c931a34769da9a4783
WordPress WP Membership plugin version 1.2.3 suffers from a privilege escalation vulnerability.
e61bf669773c2f5f27ac77cb45ed738f2bf04021b88a306527b0fb6085f0a6e2
HP Security Bulletin HPSBMU03336 - A potential security vulnerability has been identified with HP Helion OpenStack. The vulnerability could be exploited resulting in Denial of Service (DoS) or execution of arbitrary code. Revision 1 of this advisory.
7704cc07176751fa9734b71a387deda7db02facc204f3c1ed040b34d5919fac8
WordPress WP Membership plugin version 1.2.3 suffers from a stored cross site scripting vulnerability.
36766decc9aa89c69fc6d423d64aea2c87507fd96654d86e772666c5f5bca00a
HostBox SSH is a Python script that scans servers and routers for insecure SSH configurations.
b55137452b2a45adab3c782adc62d4c2c7ca8f68e4dd4c9594cfb5c4e7811d02
Webgrind version 1.1 suffers from a cross site scripting vulnerability.
f01bd61532fe3b683730775cbcfec3d84aa16dcf6f66290d250b764307171fff
SolarWinds Network Performance Monitor suffers from an open redirection vulnerability.
98bee185bf6b9834e8b2f02f00c6e2a8718feccef211264df1ada93450f87cb5
Pluck CMS version 4.7.2 suffers from a directory traversal vulnerability.
7c7078ee34086c1d03364e33d9933840fb1aa284905363a1dd5744811240593f
Debian Linux Security Advisory 3261-2 - The update for libmodule-signature-perl issued as DSA-3261-1 introduced a regression in the handling of the --skip option of cpansign. Updated packages are now available to address this regression.
9ffc4469303f301df36794486ac0079019697babb1f1ea0fe27496723ad2f9bc
Ubuntu Security Notice 2610-1 - Several security issues were discovered in the DOM implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. A use-after-free was discovered in the WebAudio implementation in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.
2a50faac12225b647dab0436c87afb4bd9c0fc7f2a04a3d6ef3ceca5b75660f1
Ubuntu Security Notice 2618-1 - It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code.
ae358f0ed8c43202affc6d2a54cee752c5e32f2a4e9b99adbe57dd70437963a2
Debian Linux Security Advisory 3266-1 - Tavis Ormandy discovered that FUSE, a Filesystem in Userspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unprivileged users.
c9b513c810f42744dffe969ba1742503b406d74fc6d9acf60cf4363bf131a9d5
Jackrabbit versions 2.x suffer from a WebDAV XXE injection vulnerability. Included are details and patches.
6408e65868c52858ab9e20f4d7de9fc89e4df4439e5fa505f752b7ed50030fc8
Ubuntu Security Notice 2609-1 - Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. Philip Pettersson discovered that Apport contained race conditions resulting in core dumps being generated with incorrect permissions in arbitrary locations. A local attacker could use this issue to gain elevated privileges. Various other issues were also addressed.
1d961a91e6e6862b495af5e72c592de9ee5d3c3dd5177f97473b7c7b4a16db20