Ubuntu Security Notice 3260-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the address bar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
fc547869598b017a6c7221cafb999c384136ffa63756cbd165c0453cc85b6065
A heap double-free vulnerability has been discovered in Oracle VirtualBox version 5.1.18 when Guest Additions (and more specifically shared folders) are enabled in the guest operating system.
f9a72132a43c0f4dc96388302410d8cba6377cc6b5879b7d58455004d04006fd
WordPress AccessPress Social Icons plugin versions 1.6.6 and below suffer from multiple remote SQL injection vulnerabilities.
7ce6b848e27ebe9bc1174b66e9697d20e4f5a400b4b4af3a90f7f8e9e95aa985
WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting the TCP connection between the client and server, and afterwards by injecting an SSL server certificate they control.
911f854c9a36763caa18a5091f41af4eab6b024c955e6ae37364bb34cf77c512
Exponent CMS versions 2.4.1 and below suffer from a remote SQL injection vulnerability.
b2b3f5f4605b3c70437a96d542184604c06c49b7675da3412cf8e8e513f44142
This write-up details how abusing enabled token privileges through a kernel exploit to gain elevation of privilege is no longer enough. From NT kernel version 10.0.15063, the enabled privileges are checked against the privileges present in the token of the calling process, so an attacker needs to use two writes.
c9bce4e23ea1292a32341faf837c4893b70736ec88069aa0e359dff8ea63548c
Red Hat Security Advisory 2017-1109-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML documents. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory.
ff72b6e52ac4a8c893ad96530d2d52396b6f91f379caf508b6c3c4b3be7203b2
Red Hat Security Advisory 2017-1108-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML documents. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory.
3d64d2e49e80d328a85355344cd3876fce21ddd379c00c469377adfa175df6b7
Ubuntu Security Notice 3263-1 - It was discovered that a heap-based buffer overflow existed in the FreeType library. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.
747e1ff3f00647b55dbee7c25069f1800bd121b726e4535c919257812b4cb181
Ubuntu Security Notice 3259-1 - It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this to cause a denial of service. Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. Various other issues were also addressed.
e0a0e188df74112ab2a5202c03048a265df98295b15a73fdf2ea5b6597bc2f95
Red Hat Security Advisory 2017-1106-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
4885801e989807b32fa2a7c6b4bab8e03699678260864bb71f3a66f21df60342
Ubuntu Security Notice 3262-1 - It was discovered that curl incorrectly handled client certificates when resuming a TLS session. A remote attacker could use this to hijack a previously authenticated connection.
4d0f9cc1207ab7e0a120544717caa6484e9e7480b27c6d6a66b424de792e25bc
WellsFargo.com password and security management has been identified as being in a weak state of configuration and in violation of PCI DSS 3.2 subsections 8.2.3 and 8.2.4. Multiple vulnerabilities result in poor credential management and configuration, as well as flaws in triggering fraud detection. Some vulnerabilities can be paired with each other to increase the associated risk.
9897ca9c7c3fef37c751ef96b01826fa4151765a9919ef86e72d4e6962195fa6
eBay Auction Premium Clone Script version 6.42 suffers from a remote SQL injection vulnerability.
d15360d964854fa4c0bfa270acabafbd26b2a5d73301cf3efd8fe5eb7cb7a181
This is a PowerShell script that decrypts the data stored within a Thycotic Secret Server.
d429bf0b2808bf60dba4771a11d831563d769d772d9514653991af87457ed807
A code injection through DLL sideloading vulnerability exists in 64-bit Oracle Java.
4f956101cdf5d276c874cea123fd4623f5a037012bdc72feb00042183a276e5d
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
add649af08d801bf2b2b02e9536974d3aabaceab3dad73b3c082d0a94f0d12a6