usersctp is SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctp_load_addresses_from_init function of usersctp that can lead to a number of out-of-bound reads. The input to sctp_load_addresses_from_init is verified by calling sctp_arethere_unrecognized_parameters, however there is a difference in how these functions handle parameter bounds. The function sctp_arethere_unrecognized_parameters does not process a parameter that is partially outside of the limit of the chunk, meanwhile, sctp_load_addresses_from_init will continue processing until a parameter that is entirely outside of the chunk occurs. This means that the last parameter of a chunk is not always verified, which can lead to parameters with very short plen values being processed by sctp_load_addresses_from_init. This can lead to out-of-bounds reads whenever the plen is subtracted from the header len.
97c80f0acd4440a67c9cef234fa02985f9feafd4eb0418feb0ed3a434ae21930macOS and iOS suffers from an out-of-bounds timestamp write in IOAccelCommandQueue2::processSegmentKernelCommand().
44d1c9f9c03139e137baf5a1b9455bae2035ef2354655800e429870317e03d58macOS and iOS suffer from an ImageIO out-of-bounds read when processing PVR images.
f6b6615ff3c10615db4544403efd534d79c5bca32c67cc20611c861580487992macOS and iOS have an ImageIO heap corruption issue when processing malformed PVR images.
546388d4bf46530e3c77204e301afd8ecd6eddfbb73e6073087f364fa8d6d25bsystemd has an issue in systemd-machined where it decrements the reference count when references are still held.
61c6cbf275014763c6c3968d740672023ca6b09cb865c03cf57eb22ce22304c9The XNU function IOUserClient::_sendAsyncResult64() discloses the address of the ipc_port to which the notification is sent in the Mach message enqueued on the notification port.
1cba10482a4515fe180660f8993986da772e8592cc84ee4824062959ab67fb0emacOS and iOS suffer from a race condition in XNU's mk_timer_create_trap() that can lead to type confusion.
d1bfcbb0f7141fd12ac902ba274b00d9b3331a6891c61615250c4fbba3b53358libx264 suffers from an out-of-bounds write when converting to H264.
111be6fbb98fc110e6e2b2c9221c300e8a2b5fde3c040bd6803fb5b1d6f39185ImageIO on macOS suffers from an issue where a heap out-of-bounds write occurs when processing JPEG images.
0fded68d208fd526884efcafbf5ad255a269c1c26776d09f5cb316dd3ee8dc96macOS and iOS suffer from an issue where kern_stack_snapshot_internal() shares non-zeroed kernel pages with userspace.
52d0584bd42acc20df7ff47526fc6df9ba5e929c135b31cd786f0169c97c85f9macOS and iOS suffer from an out-of-bounds read when processing DDS images with ImageIO.
2a3ee9088ec7bc67462b2f166cd760628181995daea86c0601cdd51c7b7d773fThis Metasploit module leverages the prnmngr.vbs script to add and delete printers. Multiple runs of this module may be required given successful exploitation is time-sensitive.
7c9e552f55f234acffef8a364bb1a7d1ff7a39989cb75b1ba2f3f44e92de5981This Metasploit module exploits an ssdpcgi remote command execution vulnerability in D-Link devices.
ed07a259961db246757dad8786ea4ac6379a39234cdb6aa11f129b8ba5516a52This Metasploit module exploits a command injection in the MAIL FROM field during SMTP interaction with OpenSMTPD to execute code as the root user.
57c3324e249d1cbd264a76ba4f846f6f97ae95eb20be6fe751558e8ce2444825BSides Brussels is a security conference in Brussels, Belgium, with talks, workshops and villages. The goal is to strengthen the exchange of knowledge, cooperation, communication, and integration between the different actors active in the IT security industry. We are pleased to announce that the first edition of BSides Brussels will be held on May 28th, 2020.
70ec5121b12f3f6e3c4d81c8f93e5158f7bd1db2576a92cb2d7bb02056a7432bUbuntu Security Notice 4250-2 - It was discovered that an unspecified vulnerability existed in the C API component of MariaDB. An attacker could use this to cause a denial of service for MariaDB clients. MariaDB has been updated to 10.3.22 in Ubuntu 19.10 and 10.1.44 in Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
6b8e440ea922453b860f4f7db416d460177e61cdc056ccfbbe9693cb05a3d49eUbuntu Security Notice 4273-1 - It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code.
bad180856bc63db5dab197afb4d12b2798eb8c1c0257675a444f65500cfada1fUbuntu Security Notice 4272-1 - It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. It was discovered that Pillow incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Pillow incorrectly handled certain TIFF images. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
a2d877c631b714e8902eee8ea0e5823efaabf23295ff8d2d0460d5627d440e10UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
b012e3d07e094998633ba0c8a49ccb1df49e21683c68b0cbebe876474934512c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed