Debian Linux Security Advisory 4271-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
1cd23e688938ba7d5034395ba01b18fc3d061baf0c1802c7177355634269b102Debian Linux Security Advisory 4272-1 - Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leading to remote denial of service. This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets.
0728079d095807496cbcd5cf2912b81abbd6595bfa96cba6e6502591a1bae9f9It is possible to replay an authentication by using a specially prepared smartcard or token in case pam-pkcs11 is compiled with NSS support. Furthermore two minor implementation issues have been identified. Linux PAM version 0.6.9 is affected.
b156716f0716691c0ca438fba63d6af0df228025140f98efed7f8babd73f2e70Yubico version 0.1.9 libykneomgr suffers from out of bounds read and write vulnerabilities.
f026402949671b5c7eaa93c8c450e63c93a2dd7a8bf17ecede7d2e2b8238938bAttackers with local access can exploit security issues in the smartcard driver. These result in memory corruptions, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to login to the system without valid credentials as any user.
03f8a989d5a6ce06634983e336918a7bae2b2c343a199065eb0802f689d3a8c5On August 14, fixes for CVE-2018-3620 and CVE-2018-3646 were released into the Ubuntu Xenial and Bionic kernels. These CVEs are security vulnerabilities caused by flaws in the design of speculative execution hardware in the computer's CPU. Researchers discovered that memory present in the L1 data cache of an Intel CPU core may be visible to other processes running on the same core.
85663d16e365831ddb6166944044cd7b5c82c443b513338e9cf44622ed20b0c4Multiple issues have been identified in OpenSC, ranging from stack based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. Additionally to those fixes reported here, a lot of minor issues (eg. OOB reads and similar) have been reported and fixed. Version 0.18.0 is affected.
7cbf1ff1fb1b510bc49220cd0645d75c841ff20cdb39c8575a2bdfc1fe2b2b64ASUSTOR NAS ADM version 3.1.0 suffers from code execution and remote SQL injection vulnerabilities.
1644681fa9ff008830ac7ddad2b94c3263d391b10d2e6962b1b9eaf1341a36beThis Metasploit module exploits a directory traversal vulnerability in cgit versions prior to 1.2.1.
a6e005dc2280ba56fb5c4225445c65d8851f8cf8775107d49d6da21b41b8d918Nasdaq BWise version 5.0 suffers from a JMX/RMI interface remote code execution vulnerability.
bd5c8c9b2bdc9af063a4f07d2fccdc991619335996b3a5f28f30a14b6f598b5eA buffer overflow and an out of bounds memory read were identified in the yubico-piv-tool-1.5.0, these can be triggered by a malicious token.
ba4bb77ccc36b888c9bfe1c04ac1e72de278a001510604b38d74fbc9bf952c81Wansview version 1.0.2 suffers from a denial of service vulnerability.
174b4f4e48a463dcff4ceeb63f875334dd8fd156adc424ebfd23e4a5102e130cSlackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.
6e711887d2814ee045ff01a89ca03e6b1ae678c324141c1fa0b6f5d63c441183This Microsoft advisory notification includes advisories released or updated on August 14, 2018.
395e66cd10014a37e907ad50920568dfcff21a31416ad12b47a5634a4be5182eThis Microsoft advisory notification includes security updates released on August 14, 2018.
7becd88c44c59c30bc785ebce0e77ae01984d49fce4197987c1e9fad17bd273eThis Metasploit module exploits a stack buffer overflow in Cloudme version 1.8.x and 1.9.x.
89e2b67fa70ea47b854afcbf57cff077380559cd4f00fe5f4a75523fe83aa13eJetty version 6.1.6 suffers from a cross site scripting vulnerability.
5a16f6df9887b8370e3580d8d5ebef0042e20e2a03a0475e679f35aa0a28c482cPanel versions 76 and below suffer from a filename based cross site scripting vulnerability.
eba54bf5cdcd8ef8d37af72785eee2c438d212069d085667cd2048a3c7e2995f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed