This advisory describes a local privilege escalation via guest-account in LightDM found in Ubuntu versions 16.10 / 16.04 LTS.
7eb1528e323459cf945e526fa778e82b210bbab5581e8b3874acbbb6985be89bUnder its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user. Versions 1.2.0 to 1.2.19, 2.0.0 to 2.0.13, and 2.1.0 to 2.1.3 are affected.
d79a592a24e0f1d275de2bef522ee3e10d9c60eb83bb3d79b0647c9167894d02Apache Qpid's qpidd up to and including version 0.30 has an issue where an attacker can gain access to qpidd as an anonymous user, even if the ANONYMOUS mechanism is disallowed.
06645715d84f1fc35ec6374bda9612d9d7e7cfe32c43f771345163d665548962Apache Qpid's qpidd up to and including version 0.30 has an issue where certain unexpected protocol sequences cause the broker process to crash due to insufficient checking, but that authentication could be used to restrict the exploitation of this vulnerability.
8993e8ca3a940ec6ab2ae983a86c4b9b0e15985ffbd0a9791e196337735cb1e6Apache Qpid's qpidd up to and including version 0.30 suffers from a denial of service vulnerability.
93e08a917a4400984c0daa916d80f064f905d79916e53644c6f039af207a0100Apache Qpid's qpidd versions 0.30 and below can be induced to make HTTP requests.
02b8f6b5094a9d7d10965cd7f7bba8617ecef190936e5c0be10efc070b74f3ed
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed