Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 to fix security and stability issues.
2a732aa4a2ed6b992aaa7d7b95620a3bc6749f1b0ba8f4a80225c274701c4d46The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges.
648ba1e2f3e829a53ac3a224f73958fcb62fd2097a728a0530b0740b66b425dcThis Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise version 9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
866e21d79501ea487d559431b3368082a2de3dd683255e5247782c95b4d89bddThis Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.
fdde35982e5ae8f4f3cfc494b6eb51af6b81f5d276ee9db4ad67d0db0267baf2Red Hat Security Advisory 2017-1119-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
8033dc25cd5c092a94214c33b3def6150039e9911ab2e1d9863ae8c3e1b8755eRed Hat Security Advisory 2017-1117-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 131. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
dda9c2f8caefd595e4c56cbc4ad839f73919c439cdcce475c7dcabd9d6a1ccffRed Hat Security Advisory 2017-1118-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 141. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
01ab25f8082a2a3af9b96248e029bdfd55d2e3b74b4bfeebbb3567c2cbb08be5The gnome-keyring-daemon is vulnerable to local credential disclosure as it leaves credentials accessible in memory.
6697cd1cd04eb6ae92213c8cfaf4b457d5ddee242e09603a1e96f9336687274cStarscream library version prior to 2.0.4 suffer from an SSL pinning vulnerability due to the pinning occurring too late in the stream function.
64a188b368b05fc0c83b778a896addd96b7d6adfd09af4f4173cf80627a8b788SquirrelMail versions 1.4.22 and below suffer from a remote code execution vulnerability.
de177f6f9977394beaa2b7397b15b81799bfe18c2f8520e2c8cfe277e5f308a5Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.
c88ab660fa85b41bb542f8f2b6aed37318c1e0f94c9900423143b3b9734eae9718 bytes small Linux/x86 egg-hunter shellcode.
27c9af624dfa4cb9351c76b4677556605b309d31b5324238fcd98d2a9cd749b6Ubuntu Security Notice 3260-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
fc547869598b017a6c7221cafb999c384136ffa63756cbd165c0453cc85b6065A heap double-free vulnerability has been discovered in Oracle VirtualBox version 5.1.18 when Guest Additions (and more specifically shared folders) are enabled in the guest operating system.
f9a72132a43c0f4dc96388302410d8cba6377cc6b5879b7d58455004d04006fdWordPress AccessPress Social Icons plugin versions 1.6.6 and below suffer from multiple remote SQL injection vulnerabilities.
7ce6b848e27ebe9bc1174b66e9697d20e4f5a400b4b4af3a90f7f8e9e95aa985WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting the TCP connection between the client and server, and afterwards by injecting an SSL server certificates they control.
911f854c9a36763caa18a5091f41af4eab6b024c955e6ae37364bb34cf77c512Exponent CMS versions 2.4.1 and below suffer from a remote SQL injection vulnerability.
b2b3f5f4605b3c70437a96d542184604c06c49b7675da3412cf8e8e513f44142This is a write up detailing how abusing enabled token privileges through a kernel exploit to gain elevation of privilege won't be enough anymore. From NT kernel version 10.0.15063 they are checked against the privileges present in the token of the calling process so an attacker needs to use two writes.
c9bce4e23ea1292a32341faf837c4893b70736ec88069aa0e359dff8ea63548cRed Hat Security Advisory 2017-1109-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory.
ff72b6e52ac4a8c893ad96530d2d52396b6f91f379caf508b6c3c4b3be7203b2Red Hat Security Advisory 2017-1108-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory.
3d64d2e49e80d328a85355344cd3876fce21ddd379c00c469377adfa175df6b7Ubuntu Security Notice 3263-1 - It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.
747e1ff3f00647b55dbee7c25069f1800bd121b726e4535c919257812b4cb181Ubuntu Security Notice 3259-1 - It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this cause a denial of service. Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. Various other issues were also addressed.
e0a0e188df74112ab2a5202c03048a265df98295b15a73fdf2ea5b6597bc2f95Red Hat Security Advisory 2017-1106-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
4885801e989807b32fa2a7c6b4bab8e03699678260864bb71f3a66f21df60342Ubuntu Security Notice 3262-1 - It was discovered that curl incorrectly handled client certificates when resuming a TLS session. A remote attacker could use this to hijack a previously authenticated connection.
4d0f9cc1207ab7e0a120544717caa6484e9e7480b27c6d6a66b424de792e25bcWellsFargo.com password and security management has been identified as being in a weak state of configuration and violation of PCI DSS 3.2 Subsection 8.2.3, 8.2.4. Multiple vulnerabilities result in poor credential management and configuration, as well as flaws in triggering fraud detection. Some vulnerabilities can be paired with each other to increase the risk associated.
9897ca9c7c3fef37c751ef96b01826fa4151765a9919ef86e72d4e6962195fa6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed