Ubuntu Security Notice 3582-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Laurent Guerby discovered that the mbcache feature in the ext2 and ext4 filesystems in the Linux kernel improperly handled xattr block caching. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
c5c51d5b650dde114c7cbd8f0482d085b4d9cee329060fb6a96e4903ef4497abUbuntu Security Notice 3581-2 - USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
09b282ea0a79f98a93d584876e7479d8f059a39e4d821c376c122b737b1ab335Ubuntu Security Notice 3581-1 - Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. ChunYu Wang discovered that a use-after-free vulnerability existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code, Various other issues were also addressed.
72190ac8eaccc600ec27952b41a18832d109cc859d108ebfc84e36135c4a891fThe 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMSLLHOOKSTRUCT (via user-mode callback).
39ed1a553dc5ba7854bda24d96724a606df94f6824a594b2c558d95999b97f8bThe 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!SfnINLPHELPINFOSTRUCT (via user-mode callback).
9db2b6a2f72313734343e3ae0ca5ed65c710e29ce3e096990cacc40fef35204eThe 64-bit Windows kernel suffers from a stack memory disclosure vulnerability in win32k!fnHkINLPMOUSEHOOKSTRUCTEX (via user-mode callback).
9dc16fe0d908112819abe13e59b6af859aefcf4bc80c0dab0b2d415048277088The 64-bit Windows kernel suffers from a pool memory disclosure vulnerability in win32k!SfnINOUTLPWINDOWPOS (via user-mode callback).
1eed7b00222e29c978acb68fc8864908886b54f016ea6b4c09c3f1a9b30a0409Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.
734a98cbfc15f0c966a37c25c2d8f7d0f898a4d44f03218af7d92ba501bc2d76Windows suffers from a Constrained Impersonation Capability privilege escalation vulnerability.
ed784628f28f7517017e042c1ef0ae076e0055b7540f2b38df01d9eb8b3f0cf9The Windows Kernel suffers from double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass.
04bd702a96710210ed2281a1b45d1698d4d195df575dc55bd9e354d475aaef45Windows StorSvc SvcMoveFileInheritSecurity suffers from an arbitrary file security descriptor overwrite vulnerability that allows for privilege escalation.
76ff500de37c611d2bfcf33767cff37b09da85a8307edfdee626783a4fb7a6dfAsterisk Project Security Advisory - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.
891c0434dd5c6146ed9c01205891569b4cbbd6cb0ddddb9c96165c020a8fe6abAsterisk Project Security Advisory - The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number these desired ones are still stored internally. When an RTP packet was received this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example the payload number resulted in a video codec but the stream carried audio) a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist.
7deda55a35acebe5f67e42485b2042572f1941ee107a31867433c7a487a737c0Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
5c0882e4ec54030fb98c7a6e8448db8a4938d363d703cac4986200aed680c428Red Hat Security Advisory 2018-0342-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Further classes that an attacker could use to achieve code execution through deserialisation were discovered, and added to the blacklist introduced by CVE-2017-7525.
6c43e18a6120401c278a1c45ec616eece4dffcb52a0c05c541f3dcf91ad4be85EChat Server version 3.1 suffers from a buffer overflow vulnerability in CHAT.ghp.
74be6f47092a3059526e778c79f81553fcaa34418b20c48a8eace6c18e743119Ubuntu Security Notice 3580-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.
5d5bf13f4bcbf073969de1f6ab2375fb2aa4970f1b1bea71c6df9d31307cca91Ubuntu Security Notice 3579-1 - It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information.
f3872a1250abd74adc97da1e6a1fc8ace6d7d684e70810c2736f77ead5aba063miSafes Mi-Cam remote video monitors suffer from broken session management, insecure direct object reference, password handling issues, and various other vulnerabilities.
75ef1d97e2a643cdb4ef6b7947420b6565944cb108220c9441f7b1a25a110dffNavarino Infinity versions prior to 2.2 suffer from session fixation and remote blind SQL injection vulnerabilities.
50cedc41f213355cd0d39ab12b744492186d722f2834bfa6a6272fcfd6ed97deSharutils version 4.15.2 suffers from a heap buffer overflow vulnerability.
280838c181c2bfda278d7c81a7674ed5b906ed6718f80e1236ef56c5798f9624Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
bd23997153c5a8c8b35da3931ff74a808561399de3f3e07058ff4d2f8617119cHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
6edac8a411f013408e5113b2419b3fe1fb5ea996b6c2e27cd8d8e54b0776b112Yab Quarx versions 2.4.3 and below suffer from multiple cross site scripting vulnerabilities.
abaa566e269ce6a0c0ebc3dd4b496f8b728488c8a5ab96b45063c0739f393255Monstra CMS versions 3.0.4 and below could suffer from a PHP7 remote code execution vulnerability if certain server conditions are met.
853acb2973915dbb0c78a76c516ac2881f35285e1e767a8b6982148964266a90
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed