Local Services Search Engine Management System (LSSMES) version 1.0 suffers from a persistent cross site scripting vulnerability.
46876b9312a0d7f98c43a6325f026855Local Services Search Engine Management System (LSSMES) version 1.0 suffers from blind and error-based authenticated remote SQL injection vulnerabilities.
6051bc313dd2683b38e4b7e7256fd08aUbuntu Security Notice 4752-1 - Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
9add7841f0ccf8f64e1da83e75e06c64Ubuntu Security Notice 4751-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
7bb32fb3e62f03bec71b2c606776cd36Ubuntu Security Notice 4750-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.
c85137173facaaae05662060f5c26ad1Ubuntu Security Notice 4749-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed.
e814a088294feb0a838a75b2880951cdUbuntu Security Notice 4748-1 - It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. Various other issues were also addressed.
89dfc2cac6b4f51b038cdb39707b3c65dataSIMS Avionics ARINC 664-1 version 4.5.3 suffers from a local buffer overflow vulnerability.
b35c61735f270473a31e925b82681d2eApport version 2.20 suffers from a local privilege escalation vulnerability.
41ed08c45f621a8c566d4fe5ff7b8474Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
22a04ef62c714b7d9d8928ebe238e4c4Ubuntu Security Notice 4731-1 - It was discovered that JUnit 4 contains a local information disclosure vulnerability. An attacker could possibly use this issue to obtain sensitive information.
3c3186cd3a91fda92432153a933f95e3Ubuntu Security Notice 4727-1 - Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.
a8c89d3cda17bd2462a03e3fd24d9971Ubuntu Security Notice 4728-1 - Gilad Reti discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container.
086df1dbda8bd6351da6a2f9cd5a4644Millewin version 13.39.028 suffers from a local privilege escalation issue due to insecure permission and unquoted service path vulnerabilities.
f069ddcee4ed6d84c74d51def0f46982WordPress Supsystic Backup plugin version 2.3.9 suffers from a local file inclusion vulnerability.
aa7db6fb704f48b330319ce9f9b505e6A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.
5a520123546e73d450b7fef8df23c9deTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
6ea60eb939ab3633a682a81fb46dd37fUbuntu Security Notice 4720-1 - Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service.
34798d94c26a3bd12acc34173bea402fUbuntu Security Notice 4720-2 - USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.
49e34ac829aa531d6ce391a79f60d6faElena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.
6330d3eeacc7aa6e678f919eefeb140bGentoo Linux Security Advisory 202101-38 - A vulnerability was discovered in NSD which could allow a local attacker to cause a Denial of Service condition. Versions less than 4.3.4 are affected.
966f120d946325517cbc311ac7388e47Ubuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.
83bcf987c775a6200689ce72ac3bb60aSifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
3c86c5de8576ed5c3253bf01f0c44fd8Ubuntu Security Notice 4705-1 - It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. Various other issues were also addressed.
7441929fd8273b9e8c967ac727cda7eaSelea CarPlateServer (CPS) version 4.0.1.6 suffers from a local privilege escalation vulnerability.
1fdb0ca0e6a83adb86d6020b489e504c
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed