Ubuntu Security Notice 2640-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
122682e2079f57b9d20ea0a53cbcf1fa27541a19754e2ff8123b4183c67919efRed Hat Security Advisory 2015-1115-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.
1b03a59ced9eb1deb3dcf1406ad52dd97e4fd2cb4f2722a75565166a58d99154Debian Linux Security Advisory 3289-1 - Alexander Cherepanov discovered that p7zip is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory.
4be0daf5b3f39172c01e0cf01217ee23e5f5eceee2070d75eb05fb357f095125Ubuntu Security Notice 2646-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
60e696bc948e127ea85fd077ad0c209bf2f09534c2c0a8621a196e2cd97921b8Ubuntu Security Notice 2645-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
de2b82ff912d766408dc20664b6f617bc06909cc0ddd19f4b148902d938c7d78Ubuntu Security Notice 2647-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
81f655f162aa73118e6b4213c239628a4fc5ae162d9fda3cc8ebc5d36142523cUbuntu Security Notice 2643-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
46bd8c4289069bc8f1619e0e070000f2b1911c349d885324ec84b1829ab40f43Ubuntu Security Notice 2644-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
941755602ec4f1f924dce22ad303c8570a47cadbfe65e3460042222d0f46dbc0Ubuntu Security Notice 2641-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
7b9cbf736d04f0b23cbaf259f21e2c322036327619471c50a6d7479caa3b6a5eUbuntu Security Notice 2642-1 - Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system.
6bfcc19b73797a1c86fc721f991369d043fb6e00cf5a2dd6631cf1ad67a4248bOpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83The Wordpress Front-end Editor plugin contains an authenticated file upload vulnerability. We can upload arbitrary files to the upload folder, because the plugin also uses it's own file upload mechanism instead of the wordpress api it's possible to upload any file type.
4c662be98cc847f1fda87bc53f625fed8f4063241fb9ce7f5a4f93813b84ca2aTYPO3 Extension Akronymmanager versions 0.5.0 and below suffer from a remote SQL injection vulnerability.
aac69e36a0f488aa5dee4394cf24dc79b0f67a865c150c8fec55cebfb6a873d3Cisco AnyConnect Secure Mobility Client VPN API suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to the 'strHostNameOrAddress' parameter in 'ConnectVpn' function which resides in the vpnapi.dll library, resulting in memory corruption and overflow of the stack. An attacker can gain access to the system of the affected node and execute arbitrary code.
dac7411f05283d661db0270e17445520d8333ee834fc62e65065a63168d12eafDebian Linux Security Advisory 3252-2 - Michal Zalewski discovered that SQLite3, an implementation of an SQL database engine, did not properly handle precision and width values during floating-point conversions, leading to an integer overflow and a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or possibly have unspecified other impact.
7a0685c71c1b4c39a53b4d0bcb788d4af7b3ae6a988220dc6050e5abb4394346Debian Linux Security Advisory 3288-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
ea87615a3b06e77b337b2df1801d61b7c7d493f9c469f7515848dffd6e1847c4Debian Linux Security Advisory 3287-1 - Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.
8973598b9eab155137f8a27dab1743defaf1d92670002f5b25f202a1b6fea269Debian Linux Security Advisory 3286-1 - Multiple security issues have been found in the Xen virtualisation solution.
df4617fff922fb14aa9bb8c070aeda54fe27f17dd3749d173e00aec0f1557304Debian Linux Security Advisory 3285-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
e33433c17499dd79c1bb1dae8bdae24e5514dc76b4688c07b38375f0c1b0cb3dWordPress Users to CSV plugin version 1.4.5 suffers from a cross site request forgery vulnerability.
c38fe2e6df77a4561880a32236ac8f8846cbae32ac709e17d717ef5696e62165FileZilla version 3.11.0.2 sftp module suffers from a denial of service vulnerability.
6f5addd9e80d5d04984d14203047dc430960e693a316f1e9d6621834ac0addfcPutty version 0.64 suffers from a denial of service vulnerability.
652c615b9065b861d6a2decdaf69220e6037de132a76a0adf1f2e4980881b8f2VBScan is a black box vBulletin vulnerability scanner written in perl.
457ed0a017cfc3244c581d64baec046689e95504aaf78b4d9cc1883734cd58ed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed