Android suffers from a KASLR bypass in pm_qos.
e57d39b01d246ceb8c13456e2e06c50b7a9d4704cb145b0737118ed637b996fdMac OS / iOS kernels suffers from a use-after-free due to a lack of locking in host_self_trap.
71fb8aae34cb7c0d37a7f49a309f5a2dae66cfa5cdb219509169904461df04bcCisco WebEx version 1.0.5 suffers from a new arbitrary command execution vulnerability via a module whitelist bypass.
cca3ecf12e0dac1eb99404188e20bcca27a53567815273560c040946b9001609OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0HTTP_Upload version 1.0.0b3 fails to appropriately take into consideration more than file extensions when mitigating malicious file uploads, allowing for remote code execution.
e323fe2a36bdc1ea0a49a45f10d4a5a86e92e82480c26d9d199a73052395b5c5Debian Linux Security Advisory 3771-1 - Multiple security issues have been found in the Mozilla Firefox web errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.
d99c14028fa61a63d267e44f38d8b8fc49fc7b2804ca31dec588fe86f9a620d1Cisco Security Advisory - A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
b25ac4e0a30adf1e190b4cdde7f8af8749cd2dec6e09663e29c25b6921ea28a5Cisco Security Advisory - A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
e38280c54046f87c9130ec4824a4152f839104804c03a19b62b8d53b7ab0c984Cisco Security Advisory - A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
360234b583a96365ec769e58bf559cda974f2537dd62ac3a8ca202d463fbc744Red Hat Security Advisory 2017-0196-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.
a44d2b242c7a37d563d6dc8f852849a2a378aba0acb3a1df5113f7c57b6564faRed Hat Security Advisory 2017-0195-01 - Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible. Multiple security issues have been addressed.
bac2055a8a470e01e78a097989076d4fa34d7e209af203d4a6ff20e24979a08eMac OS and iOS kernels suffer from a memory corruption vulnerability due to a userspace pointer being used as a length.
0e21ab8bef04b55df21495e7a540f3e13300a9331dbcf4776f45dad00c8a3317Android suffers from an RKP related memory corruption vulnerability in rkp_mark_adbd.
649722c7f67880c4ce089b2ce89d2f853771bbc7a6392616688f551b5c4956c1Mac OS / iOS kernels suffer from a use-after-free due to a failure to take reference in IOService::matchPassive.
57adee4dbe381b4218e166f2027051025367d86e1a973643acee3ccb7042ec38The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
3078b4b7a9bb956e0a44e4ad72a286d5a8e2de11f5e58b9ba548208a568fd11fOpenSSL Security Advisory 20170126 - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. Other issues were also addressed.
457838ec233230687d717bc896db28bd57340df047d0575d696435c9376532d2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed