MyTy versions 5.0.4 through 5.1.6 suffer from a remote blind SQL injection vulnerability.
df077096933740cbc5dda72b5207f5cb81f1182b1fba66ba91e1268b7238d580WordPress Breezing Forms plugin version 1.2.7.42 suffers from a cross site scripting vulnerability.
41763619e792391172d71411d172e2e161c1572a77a982484ca87352f8c27522WordPress Yoast SEO plugin versions prior to 5.8.0 suffer from a cross site scripting vulnerability.
2ce84b33f1dfc3f237bbabbd7b58e9c615a29cdae1fb79c8b4400bdef60d4dc2Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information.
edb82348b5a039b33b9384fa15982bf40763c4759bd961c0919c901dad68ef13Ubuntu Security Notice 3489-2 - USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information. Various other issues were also addressed.
cf9464bf3efc784c1fec1c648463a44848eb3b857e1ea8ff5529884f9e98beb9Ubuntu Security Notice 3489-1 - It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information.
c058b86e4fa38c149597b03c35bf49b0812a8cb982d4031022685421b541718dUbuntu Security Notice 3485-3 - It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
7da5419563f06df09537b920b44d8c50ddccc6b040d38e604644a47cae423f6bUbuntu Security Notice 3488-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.
c1e35746dc389da33be23fd550b5d2ea09da8fe25a1c9386e6e169074670c3b4Ubuntu Security Notice 3487-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5d3daa3acae196e215ffb752dacad9fbeacb9381db28059612dbc4bf68e35c68Debian Linux Security Advisory 4045-1 - Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed media files could lead to denial of service and potentially the execution of arbitrary code.
26d19241f11b5068b8bae2d8844addaf42b84f20f7570c9617fb8cf074430223Debian Linux Security Advisory 4044-1 - A vulnerability has been discovered in swauth, an authentication system for Swift, a distributed virtual object store used in Openstack.
bcb4d94a51fa447308953d3da1424571e6afb8a4b0b4b3bff7a8fe9b213ba72eUbuntu Security Notice 3484-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.
810ee0b10f8a7c0a7b23d2c5be0e7c77a26446b1bdce742149f776bda2214a0bHPE Security Bulletin HPESBHF03798 1 - A vulnerability in HPE certain Gen10 Servers, DL20 Gen9, ML30 Gen9 and certain Apollo servers with Intel Server Platform Service (SPS) v4.0 are vulnerable to local Denial of Service and execution of arbitrary code. **Note:** Intel has identified security vulnerabilities which could potentially place impacted platforms at risk. An issue impacts Intel Server Platform Service (SPS) v4.0 used in certain HPE servers. The SPS/ME firmware used in Intels architecture can be compromised with physical access such that non-authenticated code may be executed in the SPS environment outside of the visibility of the user and operating system administrator. Intel has released new revisions of the Intel Server Platform Service (SPS) firmware to address this vulnerability. Revision 1 of this advisory.
9adf13f4521f8cbcfe8d21fbee0081a44a17eddb70e3e2f4994aa384e9adba78Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the vstif6.dll, which can be exploited to cause an out-of-bounds write memory access. The vulnerability is confirmed in version 8.5.3.
0bb128f0ffb554a5ec684f320f0107962750c13a805e277aeb88e4558151e774Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
38f7cf697ca5101a3413425d16fa5fe912cf9e1f061103f0b7138fd96d40b92eFaraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
24253d9cafafa96ad86f65701c10afb41ec515d3e8136d465b38dc04fdfb2363There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback.
29ecb93fa8a796617a90f59536bcfb9ac394c28a5e7d91ca72284eb636894416It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.
26b521138b8cf592b692e063a57e00a17c82cb345e491baf906a7173cc27e0ceIt is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.
10740234534d576953b78d366019b0eaed2b7e2f77b447ea307edd5c886a5515The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata.
9bb7494ef313febec2f8ee393749b8c35f9776237506d2a47110240296b5f9a0EMC ScaleIO versions 2.0.1.3, 2.0.1.2, 2.0.1.1, and 2.0.1 suffer from information disclosure, denial of service, and buffer overflow vulnerabilities.
be050ea74ac79527efbffae6b80e7c3d92d2412e2430c1bda95de7bb39910b78RSA Authentication Manager versions 8.2 SP1 P5 and below suffer from a stored cross site scripting vulnerability.
58d2e95c51a90da59323f5fa851a0ada801c5abcbbd070c9a5b6cf35aceee55dWordPress Emag Marketplace Connector plugin version 1.0 suffers from a cross site scripting vulnerability.
5c2ed09784b0611ab8f180cde78430c53f7a6a7b35ad7af2805e86fb40925f3bWordPress Advanced Post Type Ratings plugin version 1.1 suffers from a cross site scripting vulnerability.
f007dd5ad24b38f1874e624e486c48bf1b5ab7db53fc6fb5ea34e51cbfc86e0fUbuntu Security Notice 3486-2 - USN-3486-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.
f8ab6fcd5389ee55153023608bb2f0fda540959c098b863139a4d29f84f470f3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed