BlueBorne BlueTooth buffer overflow proof of concept exploit that causes a denial of service vulnerability on Linux kernels prior to 4.13.1.
8fe062e0b377bb75c70ddb9e02781792EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R (Watch4Net) for SAS Solution Packs contain directory traversal and denial of service vulnerabilities.
318038a7ee6e2b7855e77004110ff700Ubuntu Security Notice 3414-2 - USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.
92172bfdd6366a35c975fa4e430d2218Apple Security Advisory 2017-09-19-1 - iOS 11 is now available and addresses cross site scripting, denial of service, and various other vulnerabilities.
9ee202aa152d60cfa872edd8b90b9234Watchguard's Firebox and XTM appliances suffer from an XML-RPC empty member denial of service vulnerability. Firmware versions below 12.0 were found to be vulnerable.
834b3f0a96297865381ef9778e35cd66The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
f0f811c3905f66d55df59c33e5694479Ubuntu Security Notice 3424-1 - It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. Various other issues were also addressed.
4b0652d2acb742ad23250a852a802397Ubuntu Security Notice 3422-2 - USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
aa0d1979692666d02459e80975dec493Ubuntu Security Notice 3423-1 - It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service.
3faab12a208d3be17beccec1daccd61cUbuntu Security Notice 3422-1 - It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. It was discovered that the asynchronous I/O subsystem of the Linux kernel did not properly set permissions on aio memory mappings in some situations. An attacker could use this to more easily exploit other vulnerabilities. Various other issues were also addressed.
aa932dae73e3a34aa75e9674d33572f6Ubuntu Security Notice 3420-1 - It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
50cbfd60ce8d412743faebabf34f8de2Debian Linux Security Advisory 3976-1 - Marcin 'Icewall' Noga of Cisco Talos discovered two vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.
8b3157a35081512438053a2d850fe273Ubuntu Security Notice 3418-1 - It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If an user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that the GDK-PixBuf library did not properly handle certain tiff images. If an user or automated system were tricked into opening a specially crafted tiff file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
6ea24115becec07c142c0e43fe654aceUbuntu Security Notice 3419-1 - It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
92aeaa436f6bfa57fe57572a3f55d3a8Ubuntu Security Notice 3419-2 - USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
fa369a196a24f47e3a1a80466702ae48Ubuntu Security Notice 3420-2 - USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
e177f243659fd3ccbffa320d4a3677caUbuntu Security Notice 3421-1 - It was discovered that Libidn2 incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn2 to crash, resulting in a denial of service.
3bed95d5ea26f28c5276b97bdec3ac22Gentoo Linux Security Advisory 201709-2 - Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 2.28.1 are affected.
f1936ee853c46afad6ba02b59f393c46Ubuntu Security Notice 3416-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin of modal alerts, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
cf09ab38ab212ca3dc349a7ae4e4df58Ubuntu Security Notice 3414-1 - Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.
0392d6964c9f9ee67e40b47efe84d6b0Ubuntu Security Notice 3415-2 - USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the corresponding tcpdump update for Ubuntu 12.04 ESM. Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5db2c334dd72fc4e36b678d175226b8cUbuntu Security Notice 3415-1 - Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal in tcpdump. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
571e33374fd459b45fa49b3ada3da68fRed Hat Security Advisory 2017-2727-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.
3b79bea0ae6b5f934f26a81fc17ee4d1Red Hat Security Advisory 2017-2698-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.
17dd9eac990782eb8ec6ab66a30060d8Red Hat Security Advisory 2017-2692-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.
7c19a66296d7fafae4b4600d1fef8643
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed