ZineBasic version 1.1 suffers from a file disclosure vulnerability.
06b86484883fae23c8361309d9226646bad9cb8fbabb56cbe1ca5a708ff912f7SMB implementations in EMC Celerra, VNX1, VNX2 and VNXe are affected by an NTLM authentication weak nonce vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC VNX2 File OE versions prior to 8.1.9.155, EMC VNX1 File OE versions prior to 7.1.80.3, and all supported versions of EMC VNXe and EMC Celerra are affected.
08ed8e4a761485bceed652d21bc81e6e6db8c003e56286859791cdecfbecddebUbuntu Security Notice 3084-4 - Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service in the host OS. Various other issues were also addressed.
3c2fbb7ec5c9ed6f368b4db7d0df2b27e18e1ee5e86cfdd96175561cf787c59cUbuntu Security Notice 3084-3 - Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service in the host OS. Various other issues were also addressed.
b1527fd478908508ae69451d220c65cad25079f213acdfc0704d763143b2bf13Ubuntu Security Notice 3084-2 - USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. Various other issues were also addressed.
d6dd8214eb90ce6f3ecb544516d1c2c9da3a9a47fcaecf9f470de1dad4cd6f92Ubuntu Security Notice 3084-1 - Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service in the host OS. Various other issues were also addressed.
041db440f69287cf86d0d560304f9cc2ad2db1bde818b1fd1fe14913043891c1Ubuntu Security Notice 3083-1 - Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data, including a use-after-free. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
52eab0418053602603e73f209e3485a85f8d0aa24f7c884e3f1b8270ed05f0b4Ubuntu Security Notice 3082-1 - Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI for ARM had incomplete access checks for epoll_wait and semtimedop. A local attacker could use this to possibly execute arbitrary code.
78480af0d32b0fa86f7245b2313c33bd6ea5a6d3271d63257a89bde3551eeab7Ubuntu Security Notice 3083-2 - USN-3083-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data, including a use-after-free. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
652cd80153f903b94a35a79406720a21993e90e76a9a9d24eecb192b752aa471Ubuntu Security Notice 3082-2 - Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI for ARM had incomplete access checks for epoll_wait and semtimedop. A local attacker could use this to possibly execute arbitrary code.
f1feea8469491b747927e478e26065a5bed1b7be3659ba44a7b964e4ea9682daUbuntu Security Notice 3081-1 - Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. This update also reverts a change in behavior introduced in USN-3024-1 by setting mapperContextRootRedirectEnabled to True by default.
675f6057a1c1f0a39c448e746d1b909c252d28c8cb0a684b52fd7a96408910f7WordPress Neosense theme version 1.7 suffers from a remote shell upload vulnerability.
483336d59b67f8d8d195f34a5ff3040d94a360e52713228620ce4ef924c1d190EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 7.3 contain fixes for multiple vulnerabilities. These vulnerabilities may expose the Avamar clients and servers to potentially be compromised by malicious users. They include improper authentication, improper encryption, privilege escalation, and command injection vulnerabilities.
5a4bc9d5cbfb3e7fe1be98e04086dfe29c1b721203749f2c75bd95a4099bc49eShoreTel Connect ONSITE versions 20.xx.xxxx.x and 21.xx.xxxx.x up to 21.79.4311.0 suffer from an unauthenticated remote blind SQL injection vulnerability.
5fe02891997443ded0a53a2ce816960a4a202cd2c141c914b517d4e640ef0545EKG Gadu versions 1 through 1.9~pre+r2855-3+b1 suffer from a local buffer overflow vulnerability.
aff59676a07ff154fa771cc294cbe56e8183978dc06b3dd5415de1f85a85f11eMetInfo version 3.0 suffers from a remote SQL injection vulnerability.
80cb6eb5667364f3286bbb37f303a6416c133be7473e6f3e36d2d33b71b91b40CodeCanyon iBilling version 2.4 suffers from a cross site scripting vulnerability.
d41d9e15c4377e6843aa40aa225587fee960487ca541dcbc3aa1522e730879d7ECShop version 2.7.2 suffers from an open redirection vulnerability.
e2a2b9bda2e63613dc12ca1dac19cb1a78d027e42940469e7b036872f2a9c921Coupon CMS version 5.00 suffers from an open redirection vulnerability.
5599af4764b8c21fc79507d31150a23d50bc62d02d88da4c361685c6f38e5470VMWare Workstation vprintproxy.exe suffers from multiple memory corruption and other crashes in the handling of JPEG2000 images.
edd5397d8b520f00253f4f9311dff71b9765d0e2c44fa145e57518fe92c73758VMWare Workstation vprintproxy.exe suffers from a double-free in the handling of EMF (EMR_SMALLTEXTOUT record).
e6eac7c024a8a3b3788360713d4b8f38aa43580e461b5cbd18a110c2d2f297c5VMWare Workstation vprintproxy.exe suffers from a heap buffer overflow vulnerability in the handling of TrueType NAME tables.
1d5414c24aa6efa04b7bd1a2dd19dca752085107658d72d462362ffb0de5ecebComActivity version 2.14.35 suffers from a cross site scripting vulnerability.
811f05821587559d1d5b5dfda3115d93ba677e4524b0e3cfec7d39332bac3a40
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed