When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected.
69d5afa3639558f66a8f98807a33cbb05547e69350539f5291a75ad6c03267b4Ubuntu Security Notice 5776-1 - It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. It was discovered that containerd incorrectly set up inheritable file capabilities. An attacker could possibly use this issue to escalate privileges inside a container. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
a5c37b7f401bff2eeb24eea7d980ad8afb19a337b55dbc18b318e7e8ecd8d937Ubuntu Security Notice 5079-4 - USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.
f4f6d97f9e479e48e18c50f65141b5cecaeca83955ce66cc82980e7fcf775b8eUbuntu Security Notice 5079-3 - USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.
0ed5cbb6171e4f59bf66a7fec9639c782a0a1b53c8e5cbbf6e468d1dda90bf96Ubuntu Security Notice 5079-2 - USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.
60550d5e74772413dfb06a565ea32040a3d6110b2dd1c2e451288a6afe7cc288Ubuntu Security Notice 5079-1 - It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.
33a734d871c8bed97d25050dd5bf6ab7df0fb69274d554d1083bd6cb8dc39da0Asterisk versions 17.5.1 and 17.6.0 were found vulnerability to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.
16f54da5d3c7145bd5aa998e183688a666211433fed046580666ec3e14e0913eThe IDAL HTTP server is vulnerable to a stack-based buffer overflow when receiving a large host header in a HTTP request. The host header value overflows a buffer and overwrites the Structured Exception Handler (SEH) address with a larger buffer. An unauthenticated attacker can send a Host header value of 2047 bytes or more to overflow the host headers and overwrite the SEH address which can then be leveraged to execute attacker controlled code on the server.
2421624e7ad840181ca84c4621cdcea0f08c090f97ea23834ea7b42bf7a3e813Ubuntu Security Notice 3993-2 - USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fc1e90e6b6f384b445a2dd01f2878f8c9d5c81c233eef28840bdc119fb3c14f5Ubuntu Security Notice 3993-1 - Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
0b745cdea1e32adf422a20edd455b2e23f046fdb5325d7492534a73649ba4733Red Hat Security Advisory 2018-0275-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19. Security Fix: It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
0b6591294016cd36d2f3ab83651a5348da0cd13f5c4199ff79a451daa7674878Red Hat Security Advisory 2018-0270-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
55f6e618c39ded36286188ab30f1ce084d3cde4625686571fd4f7c2360c498c1Red Hat Security Advisory 2018-0271-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
64dad27b4be16f54f1b1469d65627e74e595dde876b807bbb780c814da98546dRed Hat Security Advisory 2018-0268-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
f715120595ee79831f6b7a47a44e3de317657aa6467cb89a1c791dad3262cf06Red Hat Security Advisory 2018-0269-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.
f5802dffb21f36902f8c60f225cbce9be3a8311276de9a89fe98ffd3e79c8efcDebian Linux Security Advisory 3877-1 - It has been discovered that Tor, a connection-based low-latency anonymous communication system, contain a flaw in the hidden service code when receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. A remote attacker can take advantage of this flaw to cause a hidden service to crash with an assertion failure (TROVE-2017-005).
016a8c8acae4e88be5185434fc6f29e7f818106b08893b6a225379a1d73119c5Ubuntu Security Notice 3284-1 - It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service. It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service. Various other issues were also addressed.
d0323cbce6c72f6e323f9f5f4a6bca483302ed4b2d91ef985a627a4d571e8433Ubuntu Security Notice 2980-1 - Julien Bernard discovered that libndp incorrectly performed origin checks when receiving Neighbor Discovery Protocol (NDP) messages. A remote attacker outside of the local network could use this issue to advertise a node as a router, causing a denial of service, or possibly to act as a man in the middle.
fd80dfb5e75a446fbe7f7256ff55473acd17f98dda4e3e20e1cfdab2bede7e5dThe o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.
f61935b3b37229ff1b4f27ebaef671d58dbbebb3c4c012e1603981367b17881bApache Flex BlazeDS versions 4.7.0 and 4.7.1 suffer from a server-side request forgery vulnerability.
0005b6103d499d01523afeee675b0ec07725b42b1b1468d91a6d3b6c8f9096aeRed Hat Security Advisory 2015-2378-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate. This update fixes the following bugs: Previously, the squid process did not handle file descriptors correctly when receiving Simple Network Management Protocol requests. As a consequence, the process gradually accumulated open file descriptors. This bug has been fixed and squid now handles SNMP requests correctly, closing file descriptors when necessary.
d5ceee7ceef28f7f64ebb85564d2ca943167c76079f8f17f04b21946deed25d4Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, is vulnerable to local privilege escalation via command injection. Cumulus Linux's clcmd_server, when receiving commands that end in user supplied labels, will execute any other command appended to the end of it whether it is in the Rosetta or not. And it will do so using its own running credentials which are root. Versions 2.5.3 and earlier are affected.
a1fb04f6cf34bae2b04ccf1d59b164a1842267b7fa3db86f1b9bd93597c10072Golden FTP version 5.00 suffers from a denial of service condition when receiving a large payload for username and password fields.
459a285a0206d485942a1faf129341cd7e80c57eb5551d29d6cef151892adceaApache Flex asdoc versions prior to 4.14.1 suffer from a cross site scripting vulnerability.
46dfb4836a0f4b57607590eecfe753129c637f91c28ff7afd261777fc6d98ef3The WhatsApp iOS application appears to suffer from a buffer overflow condition when receiving a malicious location message.
c8cbbfa784fa9dc86d64bfc86141fcad9c0be3d44088932960751c9fa3ec7913Debian Linux Security Advisory 3068-1 - It was discovered that Konversation, an IRC client for KDE, could by crashed when receiving malformed messages using FiSH encryption.
77c8aad5769ad1c0e6cb3fcce95d3006aa1daa05d1cc23b4acfa72eff2075c29
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed