Adobe Flash suffers from a heap corruption vulnerability in the margin handling.
19f24cf279fd2e72d032220c5d8428c8270508c3c25f9006996eac40ba0cc4adAdobe Flash suffers from an out-of-bounds read in AVC deblocking.
750594de5f9554b1eb4832b7745301c0ab665475c1dbefff2c225998feca6426It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges.
bcd1da354e95152a1d55d4594bee07001348114c492bc49628b78a071250ded3Ubuntu Security Notice 3293-1 - Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service in the host OS. Dmitry Vyukov discovered that the generic SCSI subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
28157ece7b6c36fc871846f3ef26802654c9896b6d03a1845e875c1ba8ff42c5Ubuntu Security Notice 3292-2 - USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
c70c25536e78eb1d5e5730eb6cfcbdfa1a826986f0778fd2b9aafa9670420171Ubuntu Security Notice 3292-1 - Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
15becdcfe59fab923e4f0382140bc6a53bdcc9af8157e9c595c1154313cb3a28Ubuntu Security Notice 3291-1 - Dmitry Vyukov discovered that the generic SCSI subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
05f516d2c78087b37f79d5897941e0baeb1fa7d78c58cbca2ed7c06448fd6d02Ubuntu Security Notice 3276-2 - USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. Various other issues were also addressed.
196b09de8d68cc19eac4858a35f520d013c4a0d8bb8846854e50d6a4d29138bdUbuntu Security Notice 3290-1 - Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer truncation. A local attacker could use this to cause a denial of service.
563dfece3f8a1381536c36b79fbc4030397cf159f54546dca4e75ff220374ea6Ubuntu Security Notice 3278-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
5918077f633274f279ab87c4b055ad1b8af6e26633eab66e02241fb795da1fa5Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5 SP2 suffers from faulty access controls, stored cross site scripting, and information disclosure vulnerabilities
637d47762288a065abb2a7389848251703d887b374e4c7cdadcc2d3c44a2c27aSophos Web Appliance version 4.3.1.1 suffers from a session fixation vulnerability.
50104c16e61bf331cca13385710e48feaf4c03fa10d141d75f89fe85b2673a48LabF nfsAxe ftp client version 3.7 suffers from a buffer overflow vulnerability.
21172dda65256d99b65a588422dfc1ba3443d59700c3ea4bf4852e4d14c2b0edMozilla Firefox versions 50 through 55 suffer from a stack overflow denial of service vulnerability.
496d3fe6b582ccad08cca37270b28de1e1f2b55543965b032b3071d9d8886eadWordPress EELV Newsletter plugin version 4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
ed9b4741ae9c7e9e168aa3084dcca418fd46cf5c966e1c17db39872a293fafb0MikroTik RouterBoard version 6.38.5 suffers from a denial of service vulnerability.
4001fd282fffed16b5ad785b1d53ac73fab845e9ac37ffcfc5b516d70d7d657eMozilla Firefox version 52.02 and Tor Browser version 6.5.1 suffer from a denial of service vulnerability.
f0e5b537ef26ae911e34540be077e56bc1b0d16a55ab119f95a081e6a4574c9cMobaXtrem version 10.2 telnet server remote code execution exploit.
fe06162616281f95456b2b71ae5d1c133b8fb681e9885e25401031ef5bf9ee49Ubuntu Security Notice 3275-2 - USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.
4f21667f05e9140f4f1c8350046f6031922bc511769015c43e35d6c0ce3b2c5cRed Hat Security Advisory 2017-1232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
5320ffedef283ff1f76aecce917fe67e21a02ba281439a96af56abccb5937cffRed Hat Security Advisory 2017-1233-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
aa5c908b13897fd2c9c4cf722fa84fe657869cd1437682227963a27f534ffa96Ubuntu Security Notice 3272-2 - USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Various other issues were also addressed.
89c2956bcc647b7f0010cbff3cb81eb6291d199296a26e5a2dd4b1eacc632b49Ubuntu Security Notice 3289-1 - Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
dde5185a850c3ac4a506f63cc22dbe863cf22505aee84dd81835562d4980c02aNextCloud and OwnCloud suffer from a cross site scripting vulnerability in their error pages. OwnCloud versions 9.1.5 and below are affected. NextCloud versions prior to 11.0.3, 10.0.5, and 9.0.58 are affected.
65879de6c3bc16a06a84fa76fc56c4fec014ee26d19bb377b0cde628a8e097a2HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.
397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed