EMC Isilon OneFS is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. Versions 8.0.0.0, 7.2.1.0 through 7.2.1.2, 7.2.0.x, 7.1.1.0 through 7.1.1.10, and 7.1.0.x are affected.
40c71b633efde3f5237f806494977b2d6c5c950fa01149ad1ac39515d75147c7EMC Documentum Webtop and its client products contain a stored cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Various products and versions are affected.
8fe6c3a197a6ce1a3ec8ba68fa6c8d6d61bb304157e50e8ae1c15ecc4202d5b0SentryHD version 02.01.12e suffers from a local privilege escalation vulnerability.
f64b81388f410459aa468ccb0864c1de86969cc8d0c7e9c102fc5f96b967e82cMailZu version 0.8RC3 suffers from a cross site scripting vulnerability.
28eb94c8022d315a9ae75af66ca16756dec140e761ca782ab425a2c6957e5f79Red Hat Security Advisory 2017-0127-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception.
4c009cc7dea6f028ae1cb75fe2f5bfda87b81084285a319bcc950f148b79cd52Red Hat Security Advisory 2017-0123-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, and self-sufficient container that will run virtually anywhere. The following packages have been upgraded to a newer upstream version: docker-latest. Security Fix: The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception.
de50c49be744fe589acdac53cf345a0739019a50926ef3571992b4e93d7dcb8aRed Hat Security Advisory 2017-0116-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. The following packages have been upgraded to a newer upstream version: docker. Security Fix: The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception.
3cf1ed7bcc758f58c553163296f488859391e4ab61c7826e6ec2c4edb5277808Keypatch is a plugin of IDA Pro for Keystone Assembler Engine.
8b8b3572b1049ef7d1c1f53be469e17b4a5c534d760c2d05bb2c6aa6de27ff10OpenExpert version 0.5.17 suffers from a cross site scripting vulnerability.
02ec59b09dcd5db63f93ca101026b138aebc522b67e869be3b43b4ded4f6f42bOpenExpert version 0.5.17 suffers from a remote SQL injection vulnerability.
54b9268acdb5c8f1683b3ff403403a56d3aa6797f5c26507d620599de744f426Android suffers from a buffer overflow vulnerability in the fps sysfs entry.
25b12398d3ab499a9858e18014b79e83ac449fe0890dbe2d143f2c31726f1a1fAndroid suffers from a race condition in the sec_ts touchscreen sysfs interface.
e9dfc0abf4f0d79c32179e40d4d62cb2eb2973e748d25280df5ee80cb835cf9cAndroid suffers from multiple overflows in TSP sysfs "cmd_store".
42d123716a927efbf4fb70fa2cf3961b0c2af20806a2ca2ce851d319ab222a32iTechScripts Payment Gateway Script version 8.46 suffers from multiple remote SQL injection vulnerabilities.
823d7beb69eabd38cf5eb4a921317bf50edd69150bbb0db67ff3ac9e8222b9baiTechScripts Video Sharing Script version 4.93 suffers from cross site scripting and remote SQL injection vulnerabilities.
f8f26c8cff785165056ce43d50ede1b607c404fce7a58bbca31b4c5e4bdf95de25 bytes small Linux/x86_x64 mkdir("ajit", 755) shellcode.
424246640bce692aab5862ebbb855088fdbb7283b4f9afe49828bc8f5e8fb950Red Hat Security Advisory 2017-0086-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes.
77d8c001f6e36a31c7d9b132fd230b09dd8d1ff369953d1af091527660b20e23Red Hat Security Advisory 2017-0113-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to version 3.10.0-514, which provides a number of security and bug fixes over the previous version. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.
ae32125d304c935326bc1a74cc1849c05c36bac1fbbb18bcc366b461cf500527Red Hat Security Advisory 2017-0091-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.
4b1ea17eeb74a4a9c87605d8dcce73b522498ff561fc105d5e5fdebb334bbfdbRed Hat Security Advisory 2017-0083-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process.
7a2ddf762fdf561f4f7e2de69693c69e64a8bdb4866a74fcb53c283ad6694d3cUbuntu Security Notice 3173-1 - It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.
b3656bdef99bec416e8ae6e4b202bf3f76f3d1863d1e50a4b656aeec678822dd
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed