Ubuntu Security Notice 3582-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
c5c51d5b650dde114c7cbd8f0482d085b4d9cee329060fb6a96e4903ef4497ab
Ubuntu Security Notice 3581-2 - USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
09b282ea0a79f98a93d584876e7479d8f059a39e4d821c376c122b737b1ab335
Ubuntu Security Notice 3581-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
72190ac8eaccc600ec27952b41a18832d109cc859d108ebfc84e36135c4a891f
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMSLLHOOKSTRUCT (via user-mode callback).
39ed1a553dc5ba7854bda24d96724a606df94f6824a594b2c558d95999b97f8b
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback).
9db2b6a2f72313734343e3ae0ca5ed65c710e29ce3e096990cacc40fef35204e
The 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMOUSEHOOKSTRUCTEX (via user-mode callback).
9dc16fe0d908112819abe13e59b6af859aefcf4bc80c0dab0b2d415048277088
The 64-bit Windows kernel suffers from a pool memory disclosure vulnerability in win32k!SfnINOUTLPWINDOWPOS (via user-mode callback).
1eed7b00222e29c978acb68fc8864908886b54f016ea6b4c09c3f1a9b30a0409
Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.
734a98cbfc15f0c966a37c25c2d8f7d0f898a4d44f03218af7d92ba501bc2d76
Windows suffers from a Constrained Impersonation Capability privilege escalation vulnerability.
ed784628f28f7517017e042c1ef0ae076e0055b7540f2b38df01d9eb8b3f0cf9
The Windows Kernel suffers from double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass.
04bd702a96710210ed2281a1b45d1698d4d195df575dc55bd9e354d475aaef45
Windows StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file security descriptor overwrite vulnerability that allows for privilege escalation.
76ff500de37c611d2bfcf33767cff37b09da85a8307edfdee626783a4fb7a6df
Asterisk Project Security Advisory - An SDP message crafted with an invalid media format description crashes Asterisk when the pjsip channel driver is in use, because pjproject's SDP parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or be configured with no authentication.
891c0434dd5c6146ed9c01205891569b4cbbd6cb0ddddb9c96165c020a8fe6ab
Asterisk Project Security Advisory - The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist.
7deda55a35acebe5f67e42485b2042572f1941ee107a31867433c7a487a737c0
Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
5c0882e4ec54030fb98c7a6e8448db8a4938d363d703cac4986200aed680c428
Red Hat Security Advisory 2018-0342-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of the Jackson core streaming API. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. Further classes that an attacker could use to achieve code execution through deserialization were discovered, and added to the blacklist introduced by CVE-2017-7525.
6c43e18a6120401c278a1c45ec616eece4dffcb52a0c05c541f3dcf91ad4be85
EChat Server version 3.1 suffers from a buffer overflow vulnerability in CHAT.ghp.
74be6f47092a3059526e778c79f81553fcaa34418b20c48a8eace6c18e743119
Ubuntu Security Notice 3580-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.
5d5bf13f4bcbf073969de1f6ab2375fb2aa4970f1b1bea71c6df9d31307cca91
Ubuntu Security Notice 3579-1 - It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked into opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information.
f3872a1250abd74adc97da1e6a1fc8ace6d7d684e70810c2736f77ead5aba063
miSafes Mi-Cam remote video monitors suffer from broken session management, insecure direct object reference, password handling issues, and various other vulnerabilities.
75ef1d97e2a643cdb4ef6b7947420b6565944cb108220c9441f7b1a25a110dff
Navarino Infinity versions prior to 2.2 suffer from session fixation and remote blind SQL injection vulnerabilities.
50cedc41f213355cd0d39ab12b744492186d722f2834bfa6a6272fcfd6ed97de
Sharutils version 4.15.2 suffers from a heap buffer overflow vulnerability.
280838c181c2bfda278d7c81a7674ed5b906ed6718f80e1236ef56c5798f9624
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
bd23997153c5a8c8b35da3931ff74a808561399de3f3e07058ff4d2f8617119c
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
6edac8a411f013408e5113b2419b3fe1fb5ea996b6c2e27cd8d8e54b0776b112
Yab Quarx versions 2.4.3 and below suffer from multiple cross site scripting vulnerabilities.
abaa566e269ce6a0c0ebc3dd4b496f8b728488c8a5ab96b45063c0739f393255
Monstra CMS versions 3.0.4 and below could suffer from a PHP7 remote code execution vulnerability if certain server conditions are met.
853acb2973915dbb0c78a76c516ac2881f35285e1e767a8b6982148964266a90