Ubuntu Security Notice 3496-1 - It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code.
80fb3c8c7fa006d1e08575782e3dce959bd30004b0f4f8b9f5c5278cc9fbc1e9
TempestSDR is an open source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This is a pre-compiled version of the project that is built to work on Windows with ExtIO interfaces.
8ba8910a4bf58caeac2cb02e3f6edbd07a32333f3304c30c83828aab87b3c55f
This project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Define Radio (SDR) front-ends and a Java based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file. This forked variant of the original contains an updated Makefile to support Windows with ExtIO interfaces.
913741b472128ad1b2ac7ab93cbf5301bd4d26b65a78782bde70fd5f962156a4
HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no WiFi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired ethernet, then the WiFi settings won't be adjusted, and a rogue AP with the SSID "davinci" can be associated to the camera to provide a new attack vector via WiFi to a wired network camera. Tested on firmware versions 5.3.0, 5.4.0, and 5.4.5 and model number DS-2CD2432F-IW.
f5308846195618c1d90deb701b32687a1044057024da5ebb8faa201a03647d06
There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written to anywhere on the filesystem that the Gmail app can access.
acde40f4552aa5149be44a28077696e55fd9ef012ef17e6a02fc5ba02d2dce2c
Exim version 4.89 suffers from a denial of service vulnerability while parsing the BDAT data header.
06400f3e55ff24c12a728e79c0653462e865d8c5b296a559adff089a0a57f067
Diving Log version 6.0 suffers from an XML external entity injection vulnerability.
d0450eb5a8f82ef2929848b75adb39ccab2685f6239626955cde5507f931229d
A security vulnerability in RSA Authentication Agent API/SDK for C versions 8.5 and 8.6 could potentially lead to authentication bypass in certain limited implementations.
96e44facec66d245517ed5775e0250836be88213983c6ab0a939fbec80c2e1da
A security vulnerability in RSA Authentication Agent for Web for Apache Web Server could potentially lead to authentication bypass. Versions 8.0 and 8.0.1 prior to build 618 are affected.
e809201aa940c6a9c8357406fa7d2d471668ca0e033a43147728363b0bbfc35d
This is the Iceman fork of the Chameleon Mini source code for the firmware. The Chameleon Mini is a versatile contactless smartcard emulator compliant to NFC. A popular hardware revision is the Chameleon Mini rev E - rebooted.
6d43a0f372b8297935c834c2db448e3fc735feda1b2cbedd7cff95edcbe021bb
Ubuntu Security Notice 3477-2 - USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting attacks. It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.
9d86fd5032018e790c3b211d4a6351a163087b4a1457ea87bb4f30d6d755a7b4
Ubuntu Security Notice 3495-1 - It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code.
9a2b0afb95212034eda457751a8409bd3790121144231c5a778b06133163530a
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.
582595982431a35d6b5544384918bf51a031a9c773ee746826bacc9afd647b34
Ubuntu Security Notice 3494-1 - It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code.
72b732fd3f05827c401246f726f4d428a69a60db0e46fbefe772bb646b472cba
Ubuntu Security Notice 3493-1 - It was discovered that Exim incorrectly handled memory in the ESMTP CHUNKING extension. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
b682ce23a365c9f0c1a12f999ea8890678e6432dec8406a563bfa963c428342c
Ubuntu Security Notice 3476-2 - USN-3476-1 fixed two vulnerabilities in postgresql-common. This update provides the corresponding update for Ubuntu 12.04 ESM. Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
334649fe863d6da15bfb22775417958a6004976a01d7fb36d76466fbe9a48233
CMS Made Simple version 2.1.6 suffers from cross site scripting and server-side template injection vulnerabilities.
6b78c3370b093a9afe1f6852a2f1df3a510d50c437d422d4e858dd8f8493fba3
ZTE ZXDSL 831 suffers from an insecure direct object reference vulnerability.
56ed9803c128c1aed4f617858b3568c7769896b1c746cd91482983cbe371b484
Red Hat Security Advisory 2017-3265-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.
ef0733358f7868bd51e823af67579e4d81acf87a3799ba07337735c84fab869a
Red Hat Security Advisory 2017-3264-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
b9201431909936ea9fd97a7fcd50d51c4350b43fe1f82c552c0ae26c8fd37e75
Red Hat Security Advisory 2017-3263-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.
c5eab8bf1e060a52f1aeaf4d8be2f3887a32098d9807d9da833a0c80320d986c
Red Hat Security Advisory 2017-3260-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code.
72bff5eeaf95fdb4b4ac2ebcf68af55321ee8f64acf7739996295673df7acc07
Red Hat Security Advisory 2017-3261-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code.
fed469e8e8d4a4134ed22714125824df53afefc6638baa14aa62045722f9a4bd
Linux mincore() discloses uninitialized kernel heap pages. When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when this assumption is violated, sys_mincore() copies uninitialized memory from the page allocator to userspace.
61d7e638f72f1ff725aa52efa074d8cca09a3c845e1725489d85845af7ce7c09
On Windows 10 32-bit version 1709, a kernel stack memory disclosure was discovered in win32kfull!GreUpdateSpriteInternal.
311cb2fdcf45820b4bf355d49b361e30e088454da5c387727d873126a4419ea2