RSA Validation Manager versions 3.2 prior to build 201 suffer from race condition, cross site scripting, denial of service, and various other vulnerabilities.
703e04b821a0df9e65975d31c6a38a8fc2688b91256b2bfeecf3b49ca2c66426The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04. Included is a full exploit demonstration root code execution.
f86829bc8ea48c36f6d3cd054fa6293bb6beab50057404ccaddcd6c16e8bed3cUbuntu Security Notice 2649-1 - It was discovered that the uupdate tool incorrectly handled symlinks. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly replace arbitrary files, leading to a privilege escalation.
7d5451bdd010c364078a583ebeb8b2ea946413d031c6886bd1a9f1f94760b3faUbuntu Security Notice 2650-1 - Kostya Kortchinsky discovered multiple flaws in wpa_supplicant and hostapd. A remote attacker could use these issues to cause wpa_supplicant or hostapd to crash, resulting in a denial of service.
c3ee6d4a5670629f11fe50ed57e6cdd0dc404dd3bb4af89ba16a428653faabebCellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site scripting vulnerability.
3dbbd6127d694b4edcf1b718fd1acdcbca841f4fde9082ba044f21f713cb578dRed Hat Security Advisory 2015-1120-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
3ec1967895e1681c1fef937c63310959e9099d0c14bde83f555875f3684d3b70Ubuntu Security Notice 2648-1 - Tavis Ormandy discovered that Aptdeamon incorrectly handled the simulate dbus method. A local attacker could use this issue to possibly expose sensitive information, or perform other file access as the root user.
e05a32cadd10925759bdbae89726726df91c6208026ce4e19f73e37857c62c94CellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site request forgery vulnerability.
b4208c80088ecfa773353853c2cf70171df70a35ad267695d22e5afeee28d344EMC UIM/P version 4.1 contains an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system.
78dbdf84e5e6fea60c5c569a4239e7b4a69a9358a122b03e7e12294bc7f068deBlackCat CMS version 1.1.1 suffers from an arbitrary file download vulnerability.
f8fe91c327a9426411a6ab0146f398710c166865e0b8856056ca898353a6d541RealTimes (Realplayer) versions 18.0.1.6 and below suffer from a desktop service trusted path privilege escalation vulnerability.
a464f6ef7f8e5ab701f2dd718de925bb0e3201cd2c1a94efc90b3b217d06f0bcXtMediaPlayer version 0.93 memory corruption proof of concept exploit.
6f20422bb0ff521e463929e32ec936ee0b979b95a289460be8c2a8c3b0461fd558 bytes small Linux/x86 /etc/passwd reading shellcode.
6563636ad1d60a1ea50d144df18758818cb2033648591b1d94ca955faf18635fFinePlayer version 2.20 memory corruption proof of concept exploit.
cfd118d530c7f9ec518ef261b7367e07b28950a2f5988cee0e98550918186628
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed