Ubuntu Security Notice 2851-1 - Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
c3bc75f25e193f65a56c6bde3e9a18bb5184bd7f7287a3922a66b78bdb330a5cUbuntu Security Notice 2849-1 - Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
a1a98844b4c2a11b68747717adfe49c0ebd896f8f591949ca53e7b528714ec65Ubuntu Security Notice 2850-1 - Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
8801a20dfe670ed0777b0812cfbdf2656a6759e6e01895b49721cb6f391a893fUbuntu Security Notice 2848-1 - Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
fc0f72b1e064467de2364cecc6ee0a59b06910e328536901a7907d726cba38d5Ubuntu Security Notice 2847-1 - Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
a7cf252d76724c2696c8b0cb0001b4c7e59cffd0126ac0be2507a723b3d60e50Ubuntu Security Notice 2846-1 - Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host. Various other issues were also addressed.
5e59637211ac669a6fd9f9623acc33991625d2d3212f5382f6bfe4f00e418b6aExam Board version 3.0.0 suffers from a remote blind SQL injection vulnerability.
1db258453831fc96399f2c5fc0a1addbb932de51306522eab2efa0edf75429b7WordPress WooCommerce plugin version 2.4.12 suffers from a php code injection vulnerability.
6382627c73de7e379972bca836000d6bf7d3c8fe5f12fdb6bc269b7bd852ffb7AContent version 1.3 suffers from a remote arbitrary file upload vulnerability.
93b90a1d0f454436f8260fffbeeb911529b7af85b34f09eb37a506a1cb624866The Dell Pre-Boot Authentication Driver (PBADRV.sys) contains a vulnerability that can be leveraged to enable an attacker to write arbitrary code. The 'OutputAddress' from the IOCTL call is not validated before it attempts to write to memory. The content of the write is a four-byte hex value that is always greater than that of the kernel base address. Using multiple writes, it may be possible to overwrite the first entry of HalDispatchTable in a way that the entry would point to a user-land address. An attacker need only allocate shellcode at said address and call the ntdll!NtQueryIntervalProfile() function.
4c39d7663202b0e6a4d111b2cedc2d39282bb058581eda40719607e5ea6add5aSeagate GoFlex Satellite Mobile Wireless Storage devices contain a hardcoded backdoor account. An attacker could use this account to remotely tamper with the underlying operating system when Telnet is enabled.
5c61cfee09fbb37a6bafacad5f5ac3b5b476c894b553933c75614523958a3ff4Red Hat Security Advisory 2015-2670-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
eb6b898028084584c67bd48cffa7bd9d30bffcbbb214bc9cad86b6cca532b017There is a use-after-free vulnerability in Sound.setTransform. If a transform value is set to an object with valueOf defined, it can free the transform before the values are set.
c1ceaaaa99b552103d65a27ff421a1450a5ae32dd9aa482a6a5ee0d3f1498394Slackware Security Advisory - New grub packages are available for Slackware 14.1 and -current to fix a security issue.
83725abaa7311856eae58ea3aa43594cf6d9d290076e54a04c4289a9b9b15519Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
463a099c97a10c82afc5272db79e75f365c7be110e4bba31d43d7cfcc2e05c11Debian Linux Security Advisory 3426-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.
eefa8528c8f76d273a5ac0c5e68a8ee3b0c177db643785311de84b9e1b210774Ubuntu Security Notice 2845-1 - Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files or gain access to temporary file contents containing sensitive system information. Various other issues were also addressed.
35969627a5eb4d0bc47c9ea660f4346a68543a1d58dbd5d4042313fd0105be85Avira Registry Cleaner suffers from a local DLL hijacking vulnerability.
25dbcc7db394b17559de2ca3d0756be3cb74f12b5d2bde975cdaeb1e15c10f9dEasy File Sharing FTP server version 3.6 suffers from a stack buffer overflow vulnerability.
9657a4303ce0c7f923db80806a251e3b34247c64f4f4fdbcee53929e89b64309PFSense versions 2.2.5 and below suffer from a directory traversal vulnerability.
e9d17907677434b8805f6d8cf50f4060c63207d28f4c41bf95d1debf8bf21932Samsung's SoftAP WPA2-PSK password generation is weak and can be cracked in a few hours.
d07302b705ff9d90ee5c3f1bd5da6e5f61c13558040cb8ca8a031f9fbc137494Pinger suffers from a remote code execution vulnerability.
0457b78a351ec4c29e621f12c3e59e1830fe8ae097569311e0d9adbb738d66e0There is a use-after-free in MovieClip.attachBitmap. If the depth parameter is an object with valueOf defined, this method can free the MovieClip, which is then used.
1a53857646bf613431067a57c39e68fce010b87e4dc0cc01d200ff2bfadd9bebThere is a use-after-free in MovieClip.startDrag. If a parameter an object with valueOf defined, this method can free the MovieClip, which is then used.
e479fa941ff211a21353dd962d4b4fe88a594a11c11379dd4a855f8d02e16580There is a use-after-free in MovieClip.duplicateMovieClip. If the depth or movie name parameter provided is an object with toString or valueOf defined, this method can free the MovieClip, which is then used.
e936ec48ce119179fb911647dd9431f43776db694735d18ab919a4433fa1ad4c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed