Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
2ca96b106cbf6af495fe558e5111838c74cab0492e9b5d376f567b430e57052fMISP (Malware Information Sharing Platform and Threat Sharing) versions 2.4.79 and below suffer from a cross site scripting vulnerability.
d5d95664a334a528dd6612f67991bd576886442c2f66af94f4b6396b958b356cUbuntu Security Notice 3406-1 - It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service or expose sensitive information. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager driver for VMWare devices in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
713a8ec2966db4dfb7a60eb6aba6c8abc38cb940925a7a8602735cf1998e3b56Ubuntu Security Notice 3405-2 - USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
9fb7e5e4b1090eb89ab9343b4aac56e8f9b44171aade9cf1e7eb6e419ed30450Ubuntu Security Notice 3405-1 - It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Huang Weller discovered that the ext4 filesystem implementation in the Linux kernel mishandled a needs-flushing-before-commit list. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
e985c878ac1f840112d8ae173a55521c302cdeedb1d58e78149cb339271b8e3aUbuntu Security Notice 3404-2 - USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
2d34da306d516c16c1e2ce1d0a0fe419b9503fabe728dc169521bcf6b9b61947OpenSSL Security Advisory 20170828 - If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format.
bfe693c207e12bf41b62de943a276fa92f260530bb94dfc8fc7787631bc42165Ubuntu Security Notice 3404-1 - A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems.
fa33301449a180f6590fe7f0733eaeb35c623426b0539632995cb7b32c393c21Matrimony version 2.7 suffers from a cross site request forgery vulnerability.
816a06c7d7595ef71786ff4e62fb3f1dc153c5931fd480a80b7b0ff526b4b08fWhitepaper called Offensive and Defensive PowerShell. Written in Turkish.
2890c304c4261dd5eed0bdb50c6c7a26c5b83382a7c23c2b1b6541e599fd298fEasy RM RMVB to DVD Burner version 18.11 buffer overflow exploit.
0e6caeaabff62e5b13661c152cc35327130cb5693f71488479e4f3a2ad4a8b9ePosty version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6aac32b2b95d9b88395dda6d01793a7227412fd7fa133fa0f854618d81b1a38eEasy WMV/ASF/ASX to DVD Burner version 2.3.11 buffer overflow exploit.
e32cd0f9d448918e1a94e76e77bfb0ff63cbbf3418eb1d6d9c56182c8950bec5VX Search Enterprise version 10.0.14 remote buffer overflow exploit.
13eec855947676a3ba5f8e915538709a850cca19ce222df2d53ae8307fc7f669Apple iOS versions prior to 10.3.1 kernel exploit that demonstrates a sandbox escape.
103a1cd8dfe8bcd292b357f7210598a04715f7f0c33d9dfc09c87d9f23994fcfEasy DVD Creator version 2.5.11 buffer overflow exploit.
9397771736d3c2841192ff4302787d171ff5e46f90fdba2eee026273ffdcf605Gentoo Linux Security Advisory 201708-10 - Multiple integer overflow flaws have been discovered in jbig2dec, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 0.13-r4 are affected.
e800564a9d543207a426b461e655f3bbd79afb05e0188afad6b3e1e318f2fa3dGentoo Linux Security Advisory 201708-9 - Multiple vulnerabilities have been found in AutoTrace, the worst of which could cause a Denial of Service condition. Versions less than or equal to 0.31.1-r8 are affected.
7cfe73403f43378408fb5b3769e1d307d509e53b27c65a073dcd33b95ed6497dDiskBoss Enterprise version 8.3.12 suffers from a buffer overflow vulnerability.
acb4fa7dcfe7eccbd292c4cc9ee7681e572e6a9ac6b1bd1ae8607a988cb20793VX Search Enterprise version 10.0.14 suffers from a buffer overflow vulnerability.
c82987e9cdbc390a6c4a1d521c941484c1f2effdb79fad3fbe918e9fcc39392aDisk Savvy Enterprise version 9.9.14 buffer overflow exploit.
5c8b5ab18d37e5da0ee71bf65a0be4813f665141aeb5c9f7d9bed9c4c0fe4018Sync Breeze Enterprise version 9.9.16 buffer overflow exploit.
78be6594ce68f662d2e0391314041a518191c4a1db137c1574eb5370a76b9fc7Disk Pulse Enterprise version 9.9.16 buffer overflow exploit.
2c0cdf484d240ee492e1397fc67db40c22dd6fb44c1f20ddf77b518a562af77fMy Video Converter version 1.5.24 suffers from a buffer overflow vulnerability.
83b8c48ebbb41478a0b7f7b81d2f6a4f476813780f241c54e01f7f51a375d35bThe openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
9ce1fd262b4dec479c30e0663a3e5159358a36ffc8178481d6b0a7d77ceea512
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed