Ubuntu Security Notice 3573-1 - It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
e25145ec1ce999392dc95a2f6855a83162bf02bf998bdf9f82eae3b3c59d60e2
This Metasploit module attempts to gain root privileges on Fedora systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. A race condition allows local users to change ownership of arbitrary files (CVE-2015-3315). This Metasploit module uses a symlink attack on '/var/tmp/abrt/*/maps' to change the ownership of /etc/passwd, then adds a new user with UID=0 GID=0 to gain root privileges. Winning the race could take a few minutes. This Metasploit module has been tested successfully on ABRT packaged version 2.1.5-1.fc19 on Fedora Desktop 19 x86_64, 2.2.1-1.fc19 on Fedora Desktop 19 x86_64 and 2.2.2-2.fc20 on Fedora Desktop 20 x86_64. Fedora 21 and Red Hat 7 systems are reportedly affected, but untested.
01b8bf4ffa026e722d143beb159ab4a57e3e4542e56046a209e14abce7657161
Debian Linux Security Advisory 4114-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.
34b359f85ccf3d02c7b0553b22f9b8b07490127faf50db9ea0a97348b932e12a
Tejari suffers from a cross site request forgery vulnerability.
0f198b0f4634100d9abd153a7f8f136b5c3736a71529fab98dd2f615a499877f
Microsoft Edge Chakra JIT suffers from an array type confusion via NewScObjectNoCtor.
4ac084c552f9822fec322c3e31b85cf23a1d498cff56c8c9dad92504e9074c12
Microsoft Edge suffers from an ACG bypass using UnmapViewOfFile.
75ecabd99428551cbe1014fc356b85e09fce1ebc3b0a7a93516a607cecbb55ca
Microsoft Edge Chakra JIT suffers from a bypass vulnerability.
8ce08b0b6f46754890191b995fa9cbb47828ce12e8fb546d9f1d56451ebf5184
Whitepaper called The Easiest Metasploit Guide You'll Ever Read.
44393c965d97dada0b32bb475727bdd9da490ad80f648f97f7f518b99ff9ec1c
Microsoft Edge Chakra JIT suffers from an array type confusion via Array.prototype.reverse.
372035adf035366e852aa772129a246e5e6cb1af1df70605043dd4c7b919c009
Pdfium suffers from an out-of-bounds read vulnerability with shading pattern backed by pattern colorspace.
02680f03b5081f40044a2e4ca25561b68960dcd1b645e45aa7c8482ac2740d08
Microsoft Edge Chakra JIT suffers from an array type confusion via InitProto instructions.
e38a2dddc73f74565d03e9d92e0438ee5e671fd38345a0e91831ce90272437b0
Microsoft Edge Chakra JIT escape analysis bug #2.
19767484eabbab7a3d2e818e7ba9427865db35b6f5ecc154b7616bad56ee4863
Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags checks bypass vulnerability.
c87add50b726e35a92b452b95913e941f58ba29f3bb41838a2cf35048e8e9883
Pdfium suffers from integer overflow vulnerabilities in pattern shading.
4d935fa943fbc44b9937952cadde9af1947020b1ac363f12570b622bf6f56911
Microsoft Edge Chakra JIT suffers from an LdThis type confusion vulnerability.
d8d0116b008f1f1e7a68497fef45abb762b6cb89420c50ef992c7207b106599c
Chrome V8 suffers from a Runtime_RegExpReplace integer overflow vulnerability.
ad883f1223e1290d56f2333e3f66f880c80916c3fd07667ba2ffbf5ba4d76f00
Pdfium suffers from an out-of-bounds read vulnerability with nested colorspaces.
12f03767c9d43e8a501e1d3a1b41c4dd55373be4fd2eac5418f3d65528b4290b