Debian Linux Security Advisory 3890-1 - Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.
d3b0a2661564a655646fd83de4dcfdd1f7291ccd7b17246a3ca2f3735cf09e06Ubuntu Security Notice 3338-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
652aa8cb5ead97eef35be1bc0b0ca6db11e226fedaf3729f823ae1919d9b0983Ubuntu Security Notice 3335-2 - USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
1c33f5d44a14e69e5032c978bc430b7b99ada6ca5b272c9e9ca1f553dfe38e87Ubuntu Security Notice 3336-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.
87a10d1a6596140376bd51b697cd26f1c93ce8377ca267a8940ec919fe60e175Ubuntu Security Notice 3337-1 - It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. Various other issues were also addressed.
e6c74709da754ef4d68aa49426add68eaab64a9d7bccbf2cec70f93a55f14b37Red Hat Security Advisory 2017-1558-01 - Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or other client systems. Security Fix: A cross-site scripting flaw was found in how the failed action entry is processed in Satellite 5. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.
f474229ebd1019436c6d96172292348fa67e7ab7f3fa98f5e4b35c7e2f1a7cd8Red Hat Security Advisory 2017-1567-01 - Red Hat Container Development Kit is a platform for developing containerized applicationsaaait is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. With this update, Container Development Kit has been updated to 3.0.0-2, which includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Multiple security issues have been addressed.
a44f757946233e3a364bd96604e6658ea5f5335e5e0f8ec459d87aed6e053f59Red Hat Security Advisory 2017-1561-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
502ad26d007c53fa4eb41c7d2c2e6e3149dbaeb0df72f833d10b786f83e62751Sitecore versions 7.1 and 7.2 suffer from a cross site scripting vulnerability.
7cb804096789262362d1b2e7085815278e8c60bda09cf8641faa39c272e28205This Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.
319f129f72880daf729fa0c2761541421d1e20100a405cb2c6d871449553c09cEMC Isilon OneFS is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 7.1.x, 7.2.0 through 7.2.1.4, 8.0.0 through 8.0.0.3, and 8.0.1.0.
3bfca004cf67807c5ac9d6b5dff8c4a178b1f8699f760613c830de6d1631f379EMC Avamar suffers from authentication bypass and remote file upload vulnerabilities.
7e89b48fe4f81cba31f75621518071ad79aa069b0533deee9712baf2abee8429WordPress Download Manager plugin versions 2.9.46 and 2.9.51 suffer from a cross site scripting vulnerability.
9de753843f33ce3f2dc9d5d13e262f6df0bb99ce7db35001b0177d5ed23072d8WordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability.
2e48b2bcd6a9011319d2820c216c197e008cdd23983c64c58a88c29df02fc36bIt appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For unknown reasons, whoever fixed the bug did not report this to upstream unrar, and the bug seems to have persisted there to this day.
3b8acd8becd11c0b8cca739d5aa19f140cbee2a41f1ddb62a46f97e63d344ea2Bitdefender AV crashes when fed malicious RAR files from 2013.
4caf1f040e3e33d6970a65f2cf9a0e578182d36dbed0cc6388947a286ae01457The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation).
8640de8913ad18d001d4ce85d7df076bb0c01b500bd2537ba2946961cbb49999The Microsoft Windows kernel suffers from an ATMFD.DLL out-of-bounds read vulnerability via a malformed Name INDEX in the CFF table.
a21fad8c3cb205d4714174fdb1b13075f47dfb5639a4cd14a715e1e83f945c18The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationResourceManager (information class 0).
6f83a7e9f97c7308a2e6094f5d2727a7e3be211ff7552afafb0056dfae675dc4Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlReverseChainingLookup::apply.
be7fa96c387b2997b7b82606d8a4c2cada52908fcb4a818666cf5df429c14b22Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlValueRecord::adjustPos.
f9896fa3eb41012f8820a74bd403a8acde8a7832ac07ec863810cca161c5eecbMicrosoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlSinglePosLookup::getCoverageTable.
77094d2610c9aa8236ab477f043f6c4a1eb4a28b6fe581cf95b86f0738b3269dMicrosoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!NextCharInLiga.
b305f68a67213890e4773eee3eb6c9f21ac9c97da9b5ecf5ca99a0309abc8272Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!CreateIndexTable.
2ea28f694f6036fc0bfdecb1286f1d6097f8970d0a0c9f6846a3fb287c9281daMicrosoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!SubstituteNtoM.
5d4367e924b041d433fd9c255f4b18605cc555ec79a4482938bdf3a51448b386
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed