Gentoo Linux Security Advisory 201612-2 - A vulnerability in DavFS2 allows local users to gain root privileges. Versions less than 1.5.2 are affected.
d0568f03ffe49f3c81a6c0e574c71ad92049b22ec3a89222a80394850b94ea44
Gentoo Linux Security Advisory 201612-1 - Due to a design flaw, the output of GnuPG's Random Number Generator (RNG) is predictable. Versions less than 1.4.21 are affected.
37fe9de631962cfd3e2975a9e2c328624e54229c467b32de7b2928980e4dd247
Ubuntu Security Notice 3148-1 - Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. Multiple vulnerabilities were discovered in Ghostscript related to information disclosure. If a user or automated system were tricked into opening a specially crafted file, an attacker could expose sensitive data. Various other issues were also addressed.
305ddd517930ecd6045f507192a90f2665deb323a20c8dbdc27d875d6773af78
Xfinity Gateway suffers from a remote code execution vulnerability.
cc2e0c44b8e4b910eb49b488cffc9d37540e885ee41ea2747fd9417e765cbde8
The code in IOMXNodeInstance.cpp that handles enableNativeBuffers uses port_index without validation, leading to writing the dword value 0 or 1 at an attacker controlled offset from the IOMXNodeInstance structure.
72e3f04c0dccca9d11b30c786b9e44b6ad70abc4202d48d377b62972e3b859af
As of Android Nougat, a new set of SELinux rules has been added which is designed to prevent system_server from loading arbitrary code into its address space. However, as system_server is extremely privileged, there are a few vectors through which it may still load arbitrary code, thus bypassing the mitigation mentioned above.
24c10a0d6f4d42cf96eb11a1f2c3700f98a0275e04324e2cd9fff3a0af399fed
Nagios versions 2.x through 4.x suffer from a local privilege escalation vulnerability.
bb350a71b3261a164e4de72b3a02f190a730e7f19f0ddd7d80d3a5d441e96e5f
This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.
9f324275d7747e6056b99457eba72507d809e7fdc4d2bbdb300c55c482595517
Red Hat Security Advisory 2016-2847-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.
ff9c3b0b4c89fdbb1b7c3f5a73cab03f16ebe37f730bfc97ef17ae59fb8263df
Red Hat Security Advisory 2016-2848-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.
0b013de12e046716e6f70eec15d7f4db2d9281b003c28e8fb4e959f101e5e910
Ubuntu Security Notice 3133-1 - Multiple security vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. A heap-corruption issue was discovered in FFmpeg. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
b72eb93d45742e189c07842398f2e7ce91e07a40811ab584bed196e1403a29b6
Red Hat Security Advisory 2016-2843-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
435dfe9352257dc57f397cc39e899cbaf3481b14535753a62444cd16c0d57442
NorthSec 2017 has announced its Call For Papers. It will be held in Montreal, Canada, from May 16th through the 21st, 2017.
b96ddf41d13f35bae43aefe3e136d68c0367cab0fd13f28b12942b127f3ba702
Opera suffers from a foreignObject textNode::removeChild use-after-free vulnerability.
9cc42e69eae1ca521e8968289d7d5db932201ee29bd95e6b3b41610ffbe6890c
Microsoft Edge has an information leak in JSON.parse. If this function is called with a reviver, and the reviver modifies the output object to contain a native array, the Walk function assumes that this array is a Var array, and writes pointers to it. These pointers can then be read out of the array by script.
28aba0b72143b7ea7aebe7de276ebb7d83f377a03b421526aea18446883104b0
Because of a design bug in IOMX, the user-supplied sizes in the GET_PARAMETER and SET_PARAMETER calls are discarded before calling into the responsible OMX code paths. This has led to a variety of overflow-type bugs.
245303f62a985e2c7f94eea5fb4db0d07c7e4c06a7618c0e4bce59602d707a4c
Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between processes by providing an ashmem-mapped file descriptor containing the Bitmap's raw pixel data. The android.graphics.Bitmap class illegally assumes that the size of the ashmem region provided by the user matches the actual underlying size of the Bitmap.
043a3329589da90bcd2c6c0063a9bb264211f6a7b9a85049fc1e91ac861f231e
A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge.
6ba927cdd17ccd5b55048e77c1cd5525162f01de3ee491858224ceb7d2258621