Flawfinder searches through source code for potential security flaws and lists them sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
d33caeb94fc7ab80b75d2a7a871cb6e3f70e50fb835984e8b4d56e19ede143fc
Ubuntu Security Notice 3620-1 - It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5bad86a1b836a836f77b374d0dce05b619b4080fa156e54af36ae9ff36d98185
Ubuntu Security Notice 3619-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
c6a6f41fea45fbea18a8b7d6e773995876e32e44e04595bd392e7b20c000dc48
PMS version 0.42 suffers from a buffer overflow vulnerability.
3c10668d26f85f6269d8af46ac25fa32a6808b8ab80409a57cd778bf9df55a98
Ubuntu Security Notice 3617-3 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
448337d0f05b0a41584005e6cc61e3ade46f16a30a520f6de2809982cf2960d2
This is a simple Perl script to perform dictionary attacks against the KeePass password manager.
6543608fbc7bd69c9aed01176048fc5dbb4c5cfcf6b3eb1751f46ee2b6e9c7cd
Ubuntu Security Notice 3618-1 - It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.
94f093bef1d50914cc832a9db3e8e076858d3e6677937a03c041fbb2d17f4935
FiberHome VDSL2 Modem HG 150-UB suffers from a login bypass vulnerability.
1c1412cbdbb3a4b5d97c16234dd1e75b60bc9b404eb6f2a9774a25178ad66495
FreeBSD Security Advisory - The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero: the count is then incremented by zero, which causes an infinite loop. In addition, there are pointer/offset mistakes in the handling of IPv4 options. A remote attacker who is able to send an arbitrary packet could cause the remote target machine to crash.
555a304505193445412db4273adaa7588902e5c99b66e180c2984fe9988501b7
FreeBSD Security Advisory - Insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Characters that reference this data can be displayed on the screen, effectively disclosing kernel memory. Unprivileged users may be able to access privileged kernel data. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.
e5feb439623564c9e4f8d2df8d6d345fd1caf41d9417c9aa365ca318675e3e11
Microsoft Sharepoint version 14.x suffers from a cross-site scripting vulnerability.
7de70556a59741aafa3fe927b73b43cd718139d2af52b743bb17e2c7e6194e39
Adobe Flash versions 28.0.0.137 and below remote code execution proof-of-concept exploit.
ead98c95358be678b404109ebe91038bf937b15ee8aae06be52bdad92c345418
Sophos Endpoint Protection version 10.7 control panel authentication uses a weak unsalted unicoded cryptographic hash (SHA1) function. Not using a salt allows attackers that gain access to the hash to conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can potentially result in unauthorized access that could allow an attacker to change settings, whitelist or unquarantine files.
df0aaf3aee69bce369bbcbdaa1ba7ad4bd24c37e8ba5a6d601b2e884488a5983
Sophos Endpoint Protection version 10.7 suffers from a tamper protection bypass vulnerability.
5b7ef605d212dfe1f2d4f88c42cdc7b9c393dc17670bc503ed2c1ca962498bab
Debian Linux Security Advisory 4165-1 - Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.
4155448aa8433b09acfcda984e379b08d1e2c5be5274a49b65a42755e5e24b74
Debian Linux Security Advisory 4164-1 - Several vulnerabilities have been found in the Apache HTTPD server.
dfdafe74b240b4390f155a02035575c5c0d7feface77e315de1396e8db1f2419
Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code and has a vulnerability that has since been patched in newer versions of unrar.
874c4c7764116651d9a83650dec6e193aab5fcc1361e21905eaeafff212baed1
Red Hat Security Advisory 2018-0627-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.
a7500ac87de56f7040bac69bee986ec73586b26dddd813625155da8bd8a28c98
Red Hat Security Advisory 2018-0628-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for the slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.
cd3c594e34a9c5af05483817690e57fd3d73c77a89b1766fdac627e4501964ae
Red Hat Security Advisory 2018-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.
05601a9f859c438e0ddd2040dc02c39819df83068376fa3b778c281416aa2e65
Red Hat Security Advisory 2018-0629-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for the slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.
5d8777c62423f90790323ee9b1126494c144db274b87d0cbc0c3fe0aeabfeeb2