10-Strike Network Scanner version 3.0 suffers from a local buffer overflow vulnerability.
fdd8fa543739944bb1bb7bcef3a80a0e10-Strike Network Inventory Explorer Standard version 8.54 suffers from a local buffer overflow vulnerability in the Enter Registration Key field.
17ad7c5d7080ebbd766c9066712d286410-Strike Network Inventory Explorer Standard version 8.54 suffers from a local buffer overflow vulnerability.
2f8a0210fd1ec5ab9948105278bc39fdUbuntu Security Notice 3664-2 - USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubuntu 14.04 LTS was also vulnerable to this issue, but was incorrectly omitted from the previous updates. This update provides the corresponding update for Ubuntu 14.04 LTS. Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers. Various other issues were also addressed.
67273d8fdf19a09dbdc393e426a31d0cZip-N-Go version 4.9 suffers from a local buffer overflow vulnerability.
ac1ab93d242c01a0ca189e09acc37070Ubuntu Security Notice 3666-1 - Divya K Konoor discovered Oslo middleware was vulnerable to an information disclosure. A local attacker could exploit this flaw to obtain sensitive information from OpenStack component error logs.
2290884fc4716154beacb93bd3bd2ecbUbuntu Security Notice 3664-1 - Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers.
0c542d9aa0e59f4f0b5dae590c06df0bGentoo Linux Security Advisory 201805-15 - A vulnerability in beep could allow local attackers to escalate privileges. Versions less than 1.3-r3 are affected.
459642ec9fbb8cef7ae8cdd73527cbc3Ubuntu Security Notice 3662-1 - It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system.
42285ffd50a082c06276f6a90363d77bAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Various other issues were also addressed.
b00a0d7a8bfca8dc02b44351db6c3dccALFTP version 5.31 suffers from a local buffer overflow vulnerability.
f9052011abed690dd610f4161773c333Gentoo Linux Security Advisory 201805-10 - Multiple vulnerabilities have been found in Zsh, the worst of which could allow local attackers to execute arbitrary code. Versions less than 5.5 are affected.
54ba950c21714a4e2cb2d0c8b4983b27Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
80ab629790f1aa50f37047ae46ced282Ubuntu Security Notice 3658-1 - It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
a8255e951f2f6a7ed7c7e65bf541bf6eUbuntu Security Notice 3655-2 - USN-3655-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
2b2541f15f41c2092f625c5522937befUbuntu Security Notice 3655-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service or possibly gain administrative privileges in the host. Various other issues were also addressed.
4e964cd9e83c2ee37d786d7f1d3125cbUbuntu Security Notice 3654-2 - USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
eb9f627ac1ce2183783e17ebfafca9feUbuntu Security Notice 3654-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
e0baf24d047acd1eb6223677229f4d81Ubuntu Security Notice 3653-2 - USN-3653-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
d822ac4ef2db51e6f160548683564e7eUbuntu Security Notice 3657-1 - It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information. Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5b70ec21b28ad41f7976b3e9f8fdebd4Ubuntu Security Notice 3656-1 - Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
85f33670a38f0065959805559c975a75Gentoo Linux Security Advisory 201805-9 - A vulnerability found in Shadow may allow local attackers to bypass security restrictions. Versions less than 4.6 are affected.
4b5f9c8cc2f1a135bebc94e26a67c5e3Debian Linux Security Advisory 4207-1 - Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.
818bf44649183241556978bcfc04e17dFTPShell Server version 6.80 local buffer overflow exploit with SafeSEH bypass.
40cfd7e488e4d9cdb73978bb8844d4f1R version 3.4.4 local buffer overflow exploit with DEP bypass.
1e98df1f770b5eda6dac2fd8eb7f29ec
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed