Ubuntu Security Notice 4162-1 - It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b951fc58b34ed48fd82f3107a2bf05c2Ubuntu Security Notice 4157-2 - USN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
739bbc1907a2787aeff5444c0e073effUbuntu Security Notice 4161-1 - It was discovered that the IPv6 routing implementation in the Linux kernel contained a reference counting error leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
0350d44f78e30df4705eb8a35b215342Red Hat Security Advisory 2019-3140-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, information leakage, and path sanitization vulnerabilities.
62ddc64d2da4efc2000f826c874707b3Ubuntu Security Notice 4157-1 - Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service. Various other issues were also addressed.
cf8f7834679112d7b1f99a08e16b2bfeSolaris version 11.4 xscreensaver local privilege escalation exploit.
70e56cdc262b3313173bbedcba447cbaX.Org X Server version 1.20.4 suffers from a local stack overflow vulnerability.
564ac3d1c52679d7e251c911238be5a0Uplay version 92.0.0.6280 suffers from a local privilege escalation vulnerability.
ea5c9317378eaa521cf89c8d29612e31National Instruments Circuit Design Suite version 14.0 suffers from a local privilege escalation vulnerability.
98aa4b631011caf494a631d35959d1daDeviceViewer version 3.12.0.1 add user local buffer overflow exploit with DEP bypass.
70ae5f2f1f2b9c91d4222fed2be40c4bASX to MP3 Converter version 3.1.3.7 .asx local stack overflow exploit.
20f8d66dda4e923b5433ade635fb4ca1Ubuntu Security Notice 4147-1 - It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup. A physically proximate attacker could use this to cause a denial of service. It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
9b6a21a8a4483fda16543f89ef6b5f9bUbuntu Security Notice 4145-1 - It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
ea50ef6fe5c28f797b35ddfa61c716dcUbuntu Security Notice 4144-1 - It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
a08d6c0764fd808ec1d2ad89c0113cd9Duplicator Pro version 1.3.14 and below suffer from a local information disclosure vulnerability.
3e7a8b3a11b1663559ba3dc5c9329650The Samsung Text-to-speech Engine System Component on Android suffers from a local privilege escalation vulnerability. Versions before 3.0.02.7 and 3.0.00.101 are affected.
8f7af7fb883fdaea5d4b41303321e322This Metasploit module attempts to gain root privileges on RHEL systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. sosreport uses an insecure temporary directory, allowing local users to write to arbitrary files (CVE-2015-5287). This module has been tested successfully on abrt 2.1.11-12.el7 on RHEL 7.0 x86_64 and abrt 2.1.11-19.el7 on RHEL 7.1 x86_64.
0f23d5ba9a3e00fce536b47e337e69e0Easy File Sharing Web Server version 7.2 local SEH buffer overflow exploit.
6ee9f6c71745a4d56ab197185d1c6d0cUbuntu Security Notice 4134-2 - USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Various other issues were also addressed.
f3dd6bb956db553071cad73e67c6b26cGila CMS versions prior to 1.11.1 suffer from a local file inclusion vulnerability.
ce5dec0eb4e015a8c838b87741efe71cTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
d5e290d2a09d4225693cebc37a83097fmacOS version 18.7.0 kernel local privilege escalation exploit that may only work on Macs before 2016.
8157e1ede5cfd34c7e3aa2019494c8bbUbuntu Security Notice 4135-1 - Peter Pi discovered a buffer overflow in the virtio network backend implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
95e7c4187500bf769ca3eaa74251777dUbuntu Security Notice 4135-2 - Peter Pi discovered a buffer overflow in the virtio network backend implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
d96f38d38b0c0c92e88f66fa91d9dbfaUbuntu Security Notice 4134-1 - Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
6002dfaf1a23b111091bd34ff316b088
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed