CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...

Linux: Mounting of udf filesystems

The udf filesystem type is the universal disk format used to implement ISO/IEC 13346 and ECMA-167 specifications. This is an open vendor filesystem type for data storage on a broad range of media. This filesystem type is necessary to support writing DVDs and newer optical disc formats. Removing...

Linux: Mounting of jffs2 filesystems

The jffs2 journaling flash filesystem 2 filesystem type is a log-structured filesystem used in flash memory devices. Removing support for unneeded filesystem types reduces the local attack surface of the system. If this filesystem type is not needed, disable it. SPDX-FileCopyrightText: 2019...

Linux: Mounting of cramfs filesystems

The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image. Removing support for unneeded filesystem types reduces the local attack surface of the server. If this filesystem typ...

Linux: Mounting of hfsplus filesystems

The hfsplus filesystem type is a hierarchical filesystem designed to replace hfs that allows you to mount Mac OS X filesystems. Removing support for unneeded filesystem types reduces the local attack surface of the system. If this filesystem type is not needed, disable it. SPDX-FileCopyrightText:...

Linux: Mounting of hfs filesystems

The hfs filesystem type is a hierarchical filesystem that allows you to mount Mac OS X filesystems. Removing support for unneeded filesystem types reduces the local attack surface of the system. If this filesystem type is not needed, disable it. SPDX-FileCopyrightText: 2019 Greenbone AG Some text...

Linux: Mounting of vfat filesystems

Older Windows systems and portable USB drives or flash modules use the FAT filesystem. The vfat module supports FAT12, FAT16 and FAT32. Linux kernel modules which implement filesystems that are not needed by the local system should be disabled. Note: This script looks for entry...

December 11, 2018—KB4471330 (Monthly Rollup)

December 11, 2018—KB4471330 Monthly Rollup Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes This...

December 11, 2018—KB4471325 (Monthly Rollup)

December 11, 2018—KB4471325 Monthly Rollup Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes This...

December 11, 2018—KB4471328 (Security-only update)

December 11, 2018—KB4471328 Security-only update Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

December 11, 2018—KB4471324 (OS Build 17134.471)

December 11, 2018—KB4471324 OS Build 17134.471 Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

December 11, 2018—KB4471319 (Security-only update)

December 11, 2018—KB4471319 Security-only update Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

December 11, 2018—KB4471322 (Security-only update)

December 11, 2018—KB4471322 Security-only update Note: Because of minimal operations during the holidays and upcoming Western new year, there won’t be any preview releases for the month of December 2018. Monthly servicing will resume with the January 2019 security releases. Improvements and fixes...

October 9, 2018—KB4462929 (Monthly Rollup)

October 9, 2018—KB4462929 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4457134 released September 20, 2018 and addresses the following issues: Security updates to Windows Media Player, Microsoft Graphics Component, Windows...

October 9, 2018—KB4463104 (Security-only update)

October 9, 2018—KB4463104 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in which all guest virtual machines running Unicast NLB fail to...

October 9, 2018—KB4462931 (Security-only update)

October 9, 2018—KB4462931 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue in which all guest virtual machines running Unicast NLB fail to...

October 9, 2018—KB4462923 (Monthly Rollup)

October 9, 2018—KB4462923 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4457139 released September 20, 2018 and addresses the following issues: Security updates to Windows Media Player, Windows Graphics, Microsoft Graphics...

October 9, 2018—KB4462919 (OS Build 17134.345)

October 9, 2018—KB4462919 OS Build 17134.345 Note This release also contains updates for Microsoft HoloLens OS Build 17134.345 released October 9, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key...

Amazon Linux 2 : policycoreutils (ALAS-2018-1076)

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state...

Immunity Canvas: SHOW_TIMER_LEAK

Name| showtimerleak ---|--- CVE| CVE-2017-18344 Exploit Pack| CANVAS Description| showtimerleak Notes| CVE Name: CVE-2017-18344 NOTES: This module gives an unpriviledged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets. Note:...