Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.
967983318fc0a206d3dfe9b11f666c89eaa24b3941dd90b7f0560b57b3f2d15aUbuntu Security Notice 2979-4 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
f8e3be2b927e976c9209bd751acdb51d9b30164629cb20cc001b615de8729e1dUbuntu Security Notice 2979-1 - David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
f54efabc7a7953e27810fe6ce72422448a5483cf73e0c1c26490ee17ddb6515dUbuntu Security Notice 2979-2 - USN-2979-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Various other issues were also addressed.
cdb2c86cd663d5c26cde9b3c2a5708b24e10070bf88b9fc77d97870354cfaeb1Ubuntu Security Notice 2977-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
d6b3be39ac7937bb9c063bc7588dc509dfded0b1d2782055a62769be30157ce9Ubuntu Security Notice 2976-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
a7e8c5cbdc10dd613588bad7d3979dece9409d0fcc442c155c1452784fcf6482Ubuntu Security Notice 2978-3 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
380a8900f2b41cbbcdc679855c577286d9e8ac890b72e924185614245a2678d8Ubuntu Security Notice 2975-1 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
ce4aa24f49da8508bdc20d9f6ec8279498501fffb6953834550e0930d92b30a2Ubuntu Security Notice 2975-2 - USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
feac0eb25f9c1cd3fa095cee054213a408415e169c7b4778f95545c5dacb38c1Ubuntu Security Notice 2978-2 - USN-2978-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Various other issues were also addressed.
64141def5026b2fd37a8d73d52076845eb142cd7b02d5e2f75a7ec27d647aa30Ubuntu Security Notice 2979-3 - Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
ebdfe841208c413cc4a3580e230a63f56eb848beb54d4fc7056c707f90f943dfUbuntu Security Notice 2978-1 - David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
c7ba527bc03f4e3f11f857d8f2bda733be9c17654f1a0e13e3c436345ac34da5Multiple Nexon games suffer from an unquoted path privilege escalation vulnerability.
ae3dc720652a1161004450af6de86cde4682dd9e3789a6fea1dd95a02ff904b7Debian Linux Security Advisory 3580-1 - Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with control on the image input could, with the privileges of the user running the application, execute code (CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717) local files.
747cf13d24c6beb4d0ce9afc86b233876539d3430e7ac143db6dd5daba44316eHex: Shard of Fate version 1.0.1.026 suffers from an unquoted path privilege escalation vulnerability.
a21e1888cef138f37d32feb4f851bcb83406be17358d447e2ca62f796c0bc177The TP-Link SC2020n Network Video Camera is vulnerable to OS Command Injection via the web interface. By firing up the telnet daemon, it is possible to gain root on the device. The vulnerability exists at /cgi-bin/admin/servetest, which is accessible with credentials.
6d9bcf28b50744ae1b54ed55f4fdaa3d592c14f7b0231ff8fe3e82e0cf7640caSAP MII version 15.0 suffers from a directory traversal vulnerability.
3d47db897ab0c13589383048d607feb517d5192140c1fe1fec6f7b1c71e770f9SAP NetWeaver AS JAVA version 7.4 suffers from a cross site scripting vulnerability.
6b5b4efd5d7e256e564699033608a728468786c991209741d89bfdce20049406Various PLANET IP cameras suffer from local file inclusion, arbitrary file read, information disclosure, cross site request forgery, cross site scripting, and hard-coded credential vulnerabilities.
32a7e102bd9444774357f4899f075de9a6081f7cccd69d5a1179bd263341ef93Merit LILIN IP cameras suffer from cross site request forgery, cross site scripting, hard-coded credential, and various other vulnerabilities.
a711535aafed30d30e1a56926ee5a7846d632335d1407d6a65b454b5335e783bDebian Linux Security Advisory 3579-1 - Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.
45b6e047db4b73858971629f52ff7aa4053af4847c4a43806674c5fe5dc051caDebian Linux Security Advisory 3578-1 - It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.
0f6df94ca20bee4e1e8ac06f0e309a5d702366a562dcfdf9f35c4080410948d4Debian Linux Security Advisory 3577-1 - Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data.
35e0db4c71f3007af50999c51a455a7780263187a843797552b6d84891ce2fb6Adobe Flash suffers from a use-after-free vulnerability in addProperty.
1b2c5c8671f279a72c51ff397907b306c28103beaa466105adb2ca954f9d46cfA malicious mp4 file can cause stack corruption in Adobe Flash.
5c20d0caed9aa474e926c8c2f3fe70234702e7285a0649e165699ff480f97a1e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed