National Instruments Circuit Design Suite version 14.0 suffers from a local privilege escalation vulnerability.
98aa4b631011caf494a631d35959d1daDeviceViewer version 3.12.0.1 add user local buffer overflow exploit with DEP bypass.
70ae5f2f1f2b9c91d4222fed2be40c4bASX to MP3 Converter version 3.1.3.7 .asx local stack overflow exploit.
20f8d66dda4e923b5433ade635fb4ca1Ubuntu Security Notice 4147-1 - It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup. A physically proximate attacker could use this to cause a denial of service. It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
9b6a21a8a4483fda16543f89ef6b5f9bUbuntu Security Notice 4145-1 - It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ea50ef6fe5c28f797b35ddfa61c716dcUbuntu Security Notice 4144-1 - It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
a08d6c0764fd808ec1d2ad89c0113cd9Duplicator Pro version 1.3.14 and below suffer from a local information disclosure vulnerability.
3e7a8b3a11b1663559ba3dc5c9329650The Samsung Text-to-speech Engine System Component on Android suffers from a local privilege escalation vulnerability. Versions before 3.0.02.7 and 3.0.00.101 are affected.
8f7af7fb883fdaea5d4b41303321e322This Metasploit module attempts to gain root privileges on RHEL systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. sosreport uses an insecure temporary directory, allowing local users to write to arbitrary files (CVE-2015-5287). This module has been tested successfully on abrt 2.1.11-12.el7 on RHEL 7.0 x86_64 and abrt 2.1.11-19.el7 on RHEL 7.1 x86_64.
0f23d5ba9a3e00fce536b47e337e69e0Easy File Sharing Web Server version 7.2 local SEH buffer overflow exploit.
6ee9f6c71745a4d56ab197185d1c6d0cUbuntu Security Notice 4134-2 - USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Various other issues were also addressed.
f3dd6bb956db553071cad73e67c6b26cGila CMS versions prior to 1.11.1 suffer from a local file inclusion vulnerability.
ce5dec0eb4e015a8c838b87741efe71cTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
d5e290d2a09d4225693cebc37a83097fmacOS version 18.7.0 kernel local privilege escalation exploit that may only work on Macs before 2016.
8157e1ede5cfd34c7e3aa2019494c8bbUbuntu Security Notice 4135-1 - Peter Pi discovered a buffer overflow in the virtio network backend implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
95e7c4187500bf769ca3eaa74251777dUbuntu Security Notice 4135-2 - Peter Pi discovered a buffer overflow in the virtio network backend implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
d96f38d38b0c0c92e88f66fa91d9dbfaUbuntu Security Notice 4134-1 - Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
6002dfaf1a23b111091bd34ff316b088Ubuntu Security Notice 4133-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
5beae93d0843329763e065d95b120cdeFTPShell Client version 6.74 suffers from a local buffer overflow denial of service vulnerability.
57c456409533cdc1763216b90f4971a2Ubuntu Security Notice 4120-2 - USN-4120-1 fixed a vulnerability in systemd. The update included a recent SRU from the updates pocket that introduced networking problems for some users. This update fixes the problem. It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings. Various other issues were also addressed.
82d8f28d12fffac3503d35d76ab85de6It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
024d77eed49a23432c14adc8f067c9adUbuntu Security Notice 4120-1 - It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings.
7234aab1bef208f524e07f03bf6b1160Ubuntu Security Notice 4118-1 - It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
606239d761ad7f615ccb6ead5cc82c96Ubuntu Security Notice 4116-1 - It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. Various other issues were also addressed.
6f30126d89e5e8e65cce204ca2609ebaUbuntu Security Notice 4115-1 - Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service. Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
d33b91a9062e22127c5fc65115ec33fe
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed