Ubuntu Security Notice 3261-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
59e4c93cf0110c0dfbf04c8437a5671ce02bce5e5d84b925280c13d41fc38a3bThe FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.
b97c1f2af9252a37cfcaefbd0f9425ff1c4e40ba1332f9a406279cdaac8df4dbSafari suffers from an out-of-bounds memcpy in Array.concat that can lead to memory corruption.
6db1ba6357b6b2691d74c0fe51123d940627a490bc8ab5b483b0f2bce87edc4dOracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability.
81aa80e8e24be6f11845f3fa0201b4cd2ffe96706536ef956f09b8e1e3273132Oracle E-Business Suite version 12.2.3 suffers from a remote SQL injection vulnerability.
fdf11a3dbf17bfa298933d15dd12fc9860d85cbb06c02b150b5ba4663131b3faOracle PeopleSoft HCM version 9.2 on PeopleTools version 8.55 suffers from an XML external entity injection vulnerability.
6363b44c5b3ced6660487c0a4fe15d05600db5204a0187bd979e6984d878d6d5Microsoft Windows IFEO Winlogin SYSTEM backdooring exploit.
1fc463280ed7deb7ca3c298d64a41c7d6fa69fba4c36a4d6a020e8902bc1b58fFinal call for the third annual Hack In The Box (HITB) GSEC conference in Singapore. HITB GSEC is a 2-day deep knowledge security conference where attendees get to vote on the final agenda of talks and and to meet with the speakers they voted for.
85d61afc8c13b8580a663c330c843f7ac599313b9049451e804b39ca62cf0a0aOctober CMS version 1.0.412 suffers from access bypass, cross site scripting, code execution, and remote shell upload vulnerabilities.
f133ae1a00c61dc5828a8d5a4a01eaa1cff8d008fd292fc06836a939242285deRed Hat Security Advisory 2017-1105-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
750af2cfd7077f5aa560bd12ea85be9ce9139025ffa43ec631dfd047484d2561Debian Linux Security Advisory 3831-1 - Multiple security issues have been found in the Mozilla Firefox web overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
9f8afcaa8534d688f0dd1dd3c0d064eef7b1fcae026986da712b8b6b03fe1800Red Hat Security Advisory 2017-1104-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
9350a027ac8628e3af82814a68c801c0d7e4f4e003b6f5c9e5bdf5490ce62adcRed Hat Security Advisory 2017-1103-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
8879a424bb1c3928b3b4f7e204a7098732401cbad6c42ca0fc9c718c5bf6c221Red Hat Security Advisory 2017-1102-01 - The nss-util packages provide utilities for use with the Network Security Services libraries. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
c7f230b0e58e5d451f7aa479cc74be262fbf2586e9cbac99fa85bbfd783237d0Red Hat Security Advisory 2017-1101-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
204e849c347141be42c022cef5fff520849da9d78fcb1d02c4964d1fc214cbdbRed Hat Security Advisory 2017-1100-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer upstream version: nss, nss-util. Multiple security issues have been addressed.
16fa2b2d78a669af78b0ace268f81e3cdcfdd64198ae4f91dbb9192f2b5545a1PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
99b70cdb729b092207b71d1d88efce8610c32e7c46bc6d523820f386ee2b5ed3The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to elevation of privilege from a normal user. Version 5.0.32 is affected.
354c5c8d7eae3710b64e963597225ed3690fa9c1db8f9c46391d756eae87a99dTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.
f3d0c6f0cf0554ddc299fbc8d195e141b856a55387d41d3608fe3e2b833dc7a6Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.
2b95ab05b45548336e8b0ff756872ed3b5e7c96533959277415f4b7a3ac66de3Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.
2d89facad03b2aadfc7a64dbc4b3ae3e700fb5257315bc07a0d5dac0b54f2211Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
831459424e49dfb11a51e3fc6d29ef5bb3f90982635cee4c7c276df9a15321c3Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.
02dd6778183ba369304416f10ca5430a4f57946435559276f6499b1f6ba9bc19Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.
af18e899701b6b216c1194a67c18ea309e695c0a68e877ab7bcce01d4ace48beTrend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
31f371707b0de38f8698c711e7a95e5c8a9212e4a92c83d9717a9243315dde36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed