Ubuntu Security Notice 3275-2 - USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.
4f21667f05e9140f4f1c8350046f6031922bc511769015c43e35d6c0ce3b2c5cRed Hat Security Advisory 2017-1232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
5320ffedef283ff1f76aecce917fe67e21a02ba281439a96af56abccb5937cffRed Hat Security Advisory 2017-1233-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
aa5c908b13897fd2c9c4cf722fa84fe657869cd1437682227963a27f534ffa96Ubuntu Security Notice 3272-2 - USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Various other issues were also addressed.
89c2956bcc647b7f0010cbff3cb81eb6291d199296a26e5a2dd4b1eacc632b49Ubuntu Security Notice 3289-1 - Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
dde5185a850c3ac4a506f63cc22dbe863cf22505aee84dd81835562d4980c02aNextCloud and OwnCloud suffer from a cross site scripting vulnerability in their error pages. OwnCloud versions 9.1.5 and below are affected. NextCloud versions prior to 11.0.3, 10.0.5, and 9.0.58 are affected.
65879de6c3bc16a06a84fa76fc56c4fec014ee26d19bb377b0cde628a8e097a2HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.
397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1bMicrosoft Windows suffers from a stack memory disclosure vulnerability in win32k!xxxClientLpkDrawTextEx.
58a16953958dd050621e1702b09e1edc735d52fbfcdb7a31a10af1e565faf705The handler of the nt!NtTraceControl system call (specifically the EtwpSetProviderTraitsUm functionality, opcode 0x1E) discloses portions of uninitialized pool memory to user-mode clients on Microsoft Windows 10 systems.
e4b83ed0279f0bf7126f660bff80c3238477bad783d8653366676ce865e7a606Microsoft Windows kernel suffers from an uninitialized memory issue in the default DACL descriptor of system processes token.
339b484718a60bc84bf91af536895aefacc2adfe2b2c1224af92554d1cd7c623Two related bugs have been discovered in the Microsoft Windows kernel code responsible for implementing the bind() socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the allocated pool-based buffer memory area, potentially allowing user-mode applications to disclose kernel-mode secrets. They can also be exploited to trigger a blue screen of death and therefore a denial of service condition.
9b41916531e305ccf017e5064b5a3412788fbaa21187262224130f6886d5a773Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
f1c664cfcf190edcaf95a44ac11285e6ef859e617d52126ee06f96bda526936ePayload Mask is a payload editor that can mutate an initial dataset.
305f7803a9c231582d3d54c3625bc4de03dbb62b3df631af072a7c95e42ed317Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
9640c4448ef3cad7237c68ed6984e705db8fb2b9d6bb74c8815d01bb06527d02Apple Security Advisory 2017-05-15-7 - Safari 10.1.1 is now available and addresses denial of service, spoofing, code execution, and various other vulnerabilities.
f184953a7037280d7e4e373cfd587685f3e1437bdc9f7b89a0745d9c829ee388Apple Security Advisory 2017-05-15-6 - iTunes 12.6.1 is now available and addresses memory corruption issues.
15175fee8a41ad4cab3937c3fca580d717aedde85bec2691e3a21ba00c8dd8efUbuntu Security Notice 3288-1 - It was discovered that libytnef incorrectly handled malformed TNEF streams. If a user were tricked into opening a specially crafted TNEF attachment, an attacker could cause a denial of service or possibly execute arbitrary code.
0bd4647cbf3608a8faab43b87222895eed8cee87221307f7e8b473c98e823c9fPlaySms version 1.4 suffers from a remote code execution vulnerability.
9878587e8dfdd2451061b778be33b8def9e7dcb8aa71d1ad6556d9627a73ab36
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed