Ubuntu Security Notice 4419-1 - It was discovered that a race condition existed in the Precision Time Protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
1a43296b82c72fbb0f52cc4e8828d2f4Sony PS4 versions prior to 7.02 and FreeBSD versions 9 and 12 ip6_setpktopt kernel local privilege escalation proof of concept exploit.
66081af37b3d9c2473d365c7b2e2bfc3This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.
07a638401a07dae3fe0cc15b5a196965Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
e949cb34e77af181abdfa0f99f1bbf41Ubuntu Security Notice 4417-2 - USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Various other issues were also addressed.
6beff0f6338dd54f6fb90b69d9a0df10Ubuntu Security Notice 4417-1 - Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys.
e9274f982c4cc0c30bfbf3a764a56313Microsoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.
3d485c03f4489132e6fd1b36a2775fe9Ubuntu Security Notice 4413-1 - Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service. It was discovered that the SCSI generic driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
fde79b2524fd2873eced62bd6c5bd6f8Ubuntu Security Notice 4412-1 - Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service. It was discovered that the SCSI generic driver in the Linux kernel did not properly handle certain error conditions correctly. A local privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
a481f0961e706d7aae6286d909781dcaUbuntu Security Notice 4411-1 - It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information. Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
148b0d020976d401ff4a67db24197a2bopenSIS versions 7.4 and below suffer from a local file inclusion vulnerability.
34773fe08298e4f70971b2ca475bfba4Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
a090820edabc71b33d544d8ee4fd8657Ubuntu Security Notice 4404-1 - Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the UVM driver in the NVIDIA graphics driver contained a race condition. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
ed103ada76b58b8202678448c90e6471FHEM version 6.0 suffers from a local file inclusion vulnerability.
35ad551f0a301429cff04952d64edc5eThe installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
0ce466f922be78b19e5b1169c13ef711Ubuntu Security Notice 4402-1 - Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. It was discovered that curl incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file. Various other issues were also addressed.
5409bded104ef9efdfd65718ad405682Qualys has released their local privilege escalation and remote code execution exploit for qmail that leverages the vulnerability as described in CVE-2005-1513.
918f10fb453026a4eef569943c62c387Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
01eb4e3df77ae6fd35d80eaf617255c5Odoo version 12.0 suffers from a local file inclusion vulnerability.
ef259aea09b43ebfc94e8efe879074f2Code Blocks version 17.12 File Name SEH unicode local buffer overflow exploit.
068c265e735a68bda5f57b1a8fe5b2d2Ubuntu Security Notice 4397-2 - USN-4397-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. Various other issues were also addressed.
59cf6ce8a438927a2d01029a21c63e00Ubuntu Security Notice 4398-2 - USN-4398-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
b79c5bba9ef0577e9f937bfded9fe33bUbuntu Security Notice 4398-1 - Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
50b7c9b6dbf13f5c1ef112217cec9aa5Red Timmy Sec has discovered that Pulse Secure Client for Windows suffers from a local privilege escalation vulnerability in the PulseSecureService.exe service.
660c4ebfc56db61522849dc8876a9d7dUbuntu Security Notice 4397-1 - It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. Various other issues were also addressed.
394e975df72ff7664f636a86cddc7604
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed