This Microsoft bulletin summary lists one CVE that has undergone a major revision increment.
4cbecc3b371bb2b240a1f9e9e854d7d6db8573966abb362e844dc3831e64d410A race condition was found in the Linux kernel versions 3.14-rc1 through 4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. The next slab data or the slab's free list pointer can be corrupted with attacker-controlled data as a result of the race.
6f2a5e363da711fc3b5559695e8bd8e9b01036beec7e3b2a4461d9671ad35ee8Format Factory version 4.1.0 suffers from a dll hijacking vulnerability.
2d1800a0e90ff56cad942b1f9a13414fe92b2d764e031062a609c34df017a09dThis archive contains all of the 169 exploits added to Packet Storm in July, 2017.
642e411a9b77097a1e4a56ebbebd1af9ef8cfdc4d1b659e7fb945bd5e9f1db4dFan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
baef07895fca02ffacf267d405d435978b2686188ef7bf692a74c663aba84c69Axis 2100 Network Camera version 2.43 suffers from a cross site scripting vulnerability.
6571f063cbf73cf8a5e656fbd96dcc33bef106f5cb93d24594de81a58522eba7VirtualBox suffers from a privilege escalation vulnerability due to a windows process DLL UNC path signature bypass vulnerability.
273b4703bba1f2751b803a7300555124011a381efa41bae0c6a888f85c22ee46VirtualBox suffers from a privilege escalation vulnerability due to a windows process DLL signature bypass vulnerability.
d852ff2dd26763d2539d35a70ce29aef1654433bdc68febb62624f44d534e1faDNSTracer version 1.9 suffers from a buffer overflow vulnerability.
eea6885b51f5c8d197d1438db663aa9b3dd4e3e416005e13ded1fe808cc5c6fbPremium Servers List Tracker version 1.0 suffers from a remote SQL injection vulnerability.
6c372da1751d5013bbc8dcb8fc8a74bbaa29656b0f631a1dc262b08014b20935EDUMOD Pro version 1.3 suffers from a remote SQL injection vulnerability.
9afb321553273243eecfd018bd62817f6e9252eb840764d81dac58f5e7d3df8cMuviko version 1.0 suffers from a remote SQL injection vulnerability.
e946d425368b5eb497f899510936497761aba3dd551e5950ff8b6f039881aff6Ubuntu Security Notice 3378-2 - USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
abe4766276a137076dece92efb55e96aa808116441c78db8a7b24f99519e0fa9Ubuntu Security Notice 3378-1 - Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. Various other issues were also addressed.
82fe655fdd3467cbdcaee0e489dd0aeaa8a64e7c143f2b57f5e7a9bc84d84d8cUbuntu Security Notice 3377-2 - USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
b71610e325c47fd90e3cd3d9299fdf122d5a4541c010aa3e6a4e285a36db1520Ubuntu Security Notice 3377-1 - Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. Various other issues were also addressed.
4b6c6fe505cf49adca37983f3faff4290a45654c3ad3dc8c4b7f3a78b31f6644Red Hat Security Advisory 2017-2418-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. The following packages have been upgraded to a later upstream version: openvswitch. Security Fix: An unsigned int wrap around leading to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this flaw to cause a remote DoS.
04c0282bd699921ce6f99f15ece93968c25688bd5cf3953e1434b312c7dfc1eb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed