Ubuntu Security Notice 3208-2 - USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI block layer in the Linux kernel did not properly restrict write operations in certain situations. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
1d3dac77e17589a335d73b1696ce93581c43caf1d8c627cd121b232338ea070cUbuntu Security Notice 3207-2 - USN-3207-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
da2d54a183091695057210caf21913be9b3b7213195d0df2dcfb4bcd1c217b32Ubuntu Security Notice 3207-1 - It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get function in the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
8c63b74c2660cad561d31b5daa2b648f239ed45fba675efdbab4f5568685b605Ubuntu Security Notice 3206-1 - It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Dmitry Vyukov discovered a use-after-free vulnerability in the sys_ioprio_get function in the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.
c2b81ff2da57e7cc88a256cf883b5dac0b8c916a800f4bd5c43b16498f58613cHPE Security Bulletin HPESBHF03709 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.
414ea6f3c5b3e7999c29f72f9d98f7564c65daca2564e45323cbaa2b1fe411c3Teradici Management Console version 2.2.0 suffers from privilege escalation and remote shell upload vulnerabilities.
6bf7b459a6a46c6222547edf5ffc0a9e578ffbaf805f0d0ae35d7ddf0e03c525Joomla Store for K2 component version 3.8.2 suffers from a remote SQL injection vulnerability.
0ebd473321d82286f04ec08d239a89957e7fcb61616fcf16232ba3c972fb4797Joomla MultiTier component version 3.1 suffers from a remote SQL injection vulnerability.
8de5f5c7e20171d897b57eaf9d15743057715a429c8292c060ee3292bb2a4a3dJoomla UserExtranet component version 1.3.1 suffers from a remote SQL injection vulnerability.
aafe883611e9d42b48cd2269c217e4f600e6c4bd488441ba8a743887ae65c08dThis tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
480c266def8a9a078b22185e4cb7c7f511128a75eee5c956d914e734bc254941Joomla MediaLibrary Basic component version 3.5 suffers from a remote SQL injection vulnerability.
9b69ec3e4752bb0f21b383c1a694eb6bfe8932bfe8667b995bf7aa10959ab7b6Joomla Magic Deals Web component version 1.2.0 suffers from a remote SQL injection vulnerability.
64e1c8458215e867a9991eea2dd205eed7c5734f1954e7a45b5dbb20d57bc0f8Shutter version 0.93.1 suffers from a code execution vulnerability.
e3d568c9eb4e4e0e09acacfb2606ced6700290ae300de48aff549213f20b4370Joomla RealEstateManager component version 3.9 suffers from a remote SQL injection vulnerability.
c4934dede8c39bcd7bbf3e83a2f99a0a6ecbd8e789248e0107eff26cc8b29274Joomla VehicleManager component version 3.9 suffers from a remote SQL injection vulnerability.
cd32d802dbb3add563f3a3ecce97a267df7cc7df415cdf586e4d846656a427dbDIGISOL DG-HR1400 wireless router suffers from a cross site request forgery vulnerability.
99b0bcc098c8f9cc5cb9af3cf6d1ccd41f42458bafb1d68e6455336f95c1505dJoomla Directorix Directory Manager component version 1.1.1 suffers from a remote SQL injection vulnerability.
fab2f05ae7c00b165265e21057327300ff2a67821d0f2aa461b65ad26fccb2adJoomla J-CruiseReservation Standard component version 3.0 suffers from a remote SQL injection vulnerability.
1e69bf370306f6ced290b30308c972f36084d7796974ff6ea313c1e5fc06a5d6SySS GmbH found out that the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50013) is not protected against replay attacks. Therefore, an attacker can record the radio signal of a wireless remote control, for example using a software-defined radio, when the alarm system is disarmed by its owner, and play it back at a later time in order to disable the alarm system at will.
8a8d17e3da23eea63578ceb1aa4e218702f1cf2045f0bebd979c6137285f27e3Joomla AppointmentBookingPro component version 4.0.1 suffers from a remote SQL injection vulnerability.
14d56e2c02dfaffa9e4dfcb2957e30b0f58a6b538d61be88ebcbf6c9f594ccf9Joomla J-MultipleHotelReservation Standard component version 6.0.2 suffers from a remote SQL injection vulnerability.
d492b1c4311d271498e1fd4131259e62a57e2b85e45e8c3a97bbf74be54bc6c2Joomla BookLibrary component version 3.6.1 suffers from a remote SQL injection vulnerability.
e203bb585ecc31b9bea7862404a5cfd993d1bc546c5ac5c46736c4590d873bd2Album Lock version 4.0 suffers from a directory traversal vulnerability.
18c5ec4e4b75762ed5734f07628b3b64f91ed3cb6d4bc191aac12e6f9824bb61Joomla Eventix Events Calendar component version 1.0 suffers from a remote SQL injection vulnerability.
40cba0d07fc796622e947e4970c3e4a79c5507e59f8026c46a277fd60063541bJoomla J-BusinessDirectory component version 4.6.8 suffers from a remote SQL injection vulnerability.
4363cd77823171f14e01cc29d3b336b9ca9726ba05bfd8090e5dfc98722177cf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed