TECO TP3-PCLINK version 2.1 has a vulnerability that is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .TPC file. Successful exploitation could allow execution of arbitrary code on the affected machine.
4778282fac2ab5abb25a2673b573310bfa0f672266d7d8e650fd6ed1fd4de623When Kaspersky https inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. The naming pattern for files is {CN}.cer and CN can be modified to perform path traversals.
ce9f7093bf60e3752e2176561753c43ff890d74e6e48bcae0af1b4f25757ad05A number of Windows kernel crashes in the win32k.sys driver exist while processing a specific corrupted TTF font file. This finding documents an overflow with a malformed TrueType program.
aa2c793abdcbae42410e9648120375bbbf61f199aadac00919c7cae1a9e4ac95Red Hat Security Advisory 2015-2065-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance or potentially execute arbitrary code on the host.
de0087d5a5cfeeba9f78eba8af0424b13cc04b6e7c045f4320f4621d4e647a83Ubuntu Security Notice 2812-1 - Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
0b86195a4b80085fc469924f41acb3926e9c8feb49034bd78a19922cf368ba60Ubuntu Security Notice 2811-1 - It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication.
cedd835165495eb42046d51aaed53a6e2ccfee791e9984ef39a9b1329c72cf1dA use-after-free condition has been encountered in FreeType while fuzzing Type42 fonts. Version 2.5.3 is affected.
f0ddade4f563e81601505e4c49d519629a1f9cb5f6e95c61b4ed5f44b810a101Fuzzing the ZIP file format found multiple memory corruption issues, some of which are obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on any system with Kaspersky Antivirus.
fc8862117299fd338cb8bbf77d3ccb922e26861f2ef48f8fe569ea1fedea5e5bKaspersky Antivirus suffers from multiple memory corruption issues.
40d39044a86196b76ab3036cb625cd7d59575c7d6b723cfe1570dbcc20ce34ffFreeType version 2.5.3 suffers from an out-of-bounds read vulnerability.
19a465fb149c153359231377528dcfd4a781be9ac202c0ef5348e78ab49ed1e7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed