Microsoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.
ec7d5c98907d960bda7e631701207804It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
8137c7cec868dfc1cc789683ce268ce8Imperva SecureSphere WAF version 11.5 suffers from a bypass vulnerability due to first validating that a Content-Type header must be passed.
64e8407adb3a1ec56bc9a51ab5a506a1oBike Electronic Lock suffers from an access control bypass vulnerability via a replay attack on a predictable nonce.
faf3a2334ac574fa116c3da2a5483ca5Tor Browser version 7.x suffers from a NoScript bypass vulnerability.
ef38c2b6e0e85e188cbd26b95cee544fWordPress Ajax BootModal Login plugin version 1.4.3 suffers from a CAPTCHA bypass vulnerability.
b22482cb09d399984f08cbf8bc094508ownCloud version 0.1.2 suffers from a user impersonation authorization bypass vulnerability.
6bc5693824d5901a03d83caf7dbc9ee2Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl.
b06d81dae646fb997c8078d09c0343baRed Hat Security Advisory 2018-2394-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
14f3c60bc7297b2894f63fd0687edb78Red Hat Security Advisory 2018-2396-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.
5e3403f4ef9ef7eb50906783ec76098aRed Hat Security Advisory 2018-2387-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
59108e2a3b8f624b8c7e278e385a1d36Red Hat Security Advisory 2018-2363-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
f39789c1cbfeacc275583986ae3ef016Red Hat Security Advisory 2018-2364-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
4ba2017bc1278237736dec4c2ebc3323Microsoft Windows suffers from an SCF open file security warning feature bypass vulnerability.
6040e3240487f072def3a3791d8f65ffRed Hat Security Advisory 2018-2328-01 - The rhvm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. Issues addressed include a bypass vulnerability.
c060a397c9c42bd68a0aab76cb732900Red Hat Security Advisory 2018-2309-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
1e0323f0367612bfb37718139c812ea0Seq versions 4.2.476 and below suffer from an authentication bypass vulnerability.
c48efc082b4b480dbec43f5a5e1885e7Red Hat Security Advisory 2018-2289-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
4f5de6a9085a9c88e44314350bb7defbRed Hat Security Advisory 2018-2258-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
b102292b262e1622520ec544e79575deRed Hat Security Advisory 2018-2250-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
46608b5095f87799c5e442ceea221b39Red Hat Security Advisory 2018-2246-01 - The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Issues addressed include a bypass vulnerability.
2536dac87ce97b13f26c96941b2697f4RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
574ac49865a7a3a381903494b92d19f8Red Hat Security Advisory 2018-2228-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.
d3c8def83c9a3ce2f920fcfdd6aa1b87Red Hat Security Advisory 2018-2216-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
d56d27208391fc4c05e5ab7c21479c7eRSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
1a57d9533919b282096f7aa641a6e6a8
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed