Red Hat Security Advisory 2016-0064-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.
55a4411f3400ee4bc51ac2c4135b411e4643233cf8671e676fb7682df32dd5feLenovo ShareIT suffers from hard-coded password, information exposure, missing encryption, and missing authorization vulnerabilities.
96d4f6a74a820b941b3d27b4014182f1cacb7fd773eb0e70d29238ade9b5878dThis Metasploit module writes and spawns a native payload on an android device that is listening for adb debug messages.
2640ae56b805049663375ef5896d5d962a5262a64ccd23e5e08906e8bd85f1c9Debian Linux Security Advisory 3452-1 - "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail.
4b2f8b41d47f1c4b90b9d0c58f508fe27783c81d2327177ec110aede13caa40cRed Hat Security Advisory 2016-0063-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. All ntp users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the ntpd daemon will restart automatically.
f558df16fe9bae669369c39cdc3e8faffdb3fcb847f77abf444ba32192061693PHP-FPM suffered from memory leak and buffer overflow vulnerabilities in the access logging feature. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.
51daba0a03b7d26034ec17e1ea4ebf73742706c017813cd75bc99f3e30eb351bIn suEXEC_Daemon mode of the LiteSpeed web server spawns one PHP master process during startup. It is running as root and accepts LSAPI requests, which in turn specify what user under the script should run. The LSAPI request is authenticated with a MAC, which is based on pre-shared random key between the the PHP and the web server. The researchers found that the Litespeed PHP SAPI module did not clear this secret in its child processes so it was available in the PHP process memory space of the child processes. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.
dcdfba0d864d56f1eab83f8a2d054770a95e1e8eb5d10e504881b19b952d0a78pfSense Firewall version 2.2.5 cross site request forgery exploit.
cd24141bfed33f5c149656f80675d11461497302450b5ffabb4c741fb3b702b4The Linux prima WLAN driver suffers from a heap overflow vulnerability.
42f77c96c79b5f34870a10d56508b7bfe738f47704af55a41749f1fe7d3b3a57WordPress Appointment Booking Calendar plugin versions 1.1.23 and below suffer from a remote SQL injection vulnerability.
1223ee97734c6256c00d7dc70bc97125ea8a4133dd63c31e98cdf921ed556c1eLinux x86_64 xor/not/div encoded execve shellcode.
e04b7503ac24cbbcbcba03ec95f7abb04b2fe4103b59c7107226d057aaab2b01FreeBSD suffers from an SCTP ICMPv6 error processing denial of service vulnerability.
0e9739e6af079dbf01619289a6322ec59c79b437390fcdb866cdc2f4a91789c1Buffalo NAS devices suffer from a remote shutdown / denial of service vulnerability.
f99e8c369f01da7e80e9a7b0df078a3ffdd172d69408918d83065f4a607f1069Revive Adserver version 3.2.2 suffers from an open redirection vulnerability.
bc4a81ab54e8ccaad0a6c3732d35ed7c07078ebd62518e39c3de527320a5ea43DigiKala of Iran suffers from a cross site scripting vulnerability.
3e2fdc0e340c1adf417272d57c6719fc9cae9d1d655feb4937f4283600bd5fb7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed