:: Deepquest ::

Asterisk version 14.4.0 running chan_pjsip with PJSIP version 2.6 suffers from a denial of service vulnerability.

Asterisk version 14.4.0 with chan_skinny enabled suffers from a memory exhaustion vulnerability that can lead to a denial of service vulnerability.

This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges. The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one at ~/.asoundrc. libasound is not designed to run in a setuid context and […]

Mantis Bug Tracker versions 1.3.10 and 2.3.0 suffer from a cross site request forgery vulnerability.

MacOS suffers from a kernel register leak via 32-bit syscall exit.

LG has an issue where a malformed OGM file can cause the use of an uninitialized pointer during Vorbis header verification – vorbis_info_clear is called on a vorbis_info structure that has not previously been initialised by a call to vorbis_info_init.

This is an issue on MacOS that allows un-entitled root to read kernel frame pointers, which might be useful in combination with a kernel memory corruption bug.

Sure Thing Disc Labeler version 6.2.138.0 suffers from a buffer overflow vulnerability.

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of VX Search Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

http://keelek-phatumrat.go.th notified by Con7ext