Security Bulletin: IBM Spectrum LSF is affected by a privilege escalation vulnerability

Summary IBM Spectrum LSF has addressed the following vulnerability. Enhancing the eauth executable file to prevent the preloading of getuid to avoid the users changing their job user at job submission time. Vulnerability Details CVEID:CVE-2018-1724 DESCRIPTION:IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3,...

GHSA-MH7G-99W9-XPJM Remote code execution occurs in Apache Solr

Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

ClamAV Denial of Service Vulnerability (CNVD-2018-21240)

ClamAV Clam AntiVirus is a free and open source antivirus program developed by the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. A security vulnerability exists in the 'unmew11' function of MEW unpacker in versions of ClamAV prior to 0.100.2. A...

kernel: Integer overflow in Linux's create_elf_tables function

An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...

DEBIAN-CVE-2018-15378

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service DoS condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11" function libclamav/mew.c, which can be exploited to trigger an invalid read memory access v...

ALPINE-CVE-2018-15378

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service DoS condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11" function libclamav/mew.c, which can be exploited to trigger an invalid read memory access v...

DEBIAN-CVE-2018-18310

An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by considernotes...

Cisco WebEx Network Recording Player ATAS32 ARF File Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

Quick Heal Technologies Seqrite EndPoint Security Elevation of Privilege Vulnerability

Quick Heal Technologies Seqrite EndPoint Security EPS is a suite of endpoint security protection solutions from Quick Heal Technologies India. The product features device control, vulnerability scanning, patch management and asset management. An elevation of privilege vulnerability exists in Quic...

Music Center for PC improperly verifies software update files

Overview Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process CWE-669. As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. DigiGnome reported this vulnerability to IPA. JPCERT/C...

[SECURITY] Fedora 29 Update: nekovm-2.2.0-8.fc29

Neko is a high-level dynamically typed programming language which can also be used as an embedded scripting language. It has been designed to provide a common run-time for several different languages. Neko is not only very easy to learn and use, but also has the flexibility of being able to exten...

ifwatchd Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts,...

ifwatchd - Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ifwatchd Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the...

JVN#36623716: Music Center for PC improperly verifies software update files

Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process CWE-669. As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. Impact Under a man-in-the-middle attack, a specially crafted fi...

CVE-2018-17775

Seqrite End Point Security v7.4 has "Everyone: F" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse...

Code injection

Seqrite End Point Security v7.4 has "Everyone: F" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse...

CVE-2018-17775

Seqrite End Point Security v7.4 has "Everyone: F" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse...

CVE-2018-5402

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable co...

ifwatchd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ifwatchd Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the...

UBUNTU-CVE-2018-15378

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service DoS condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11" function libclamav/mew.c, which can be exploited to trigger an invalid read memory access v...