Red Hat Security Advisory 2018-0418-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix: libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula.
a9fb919101d1d0d100c8aaf9df7bcd8a37122796ad3c221fc442b6ba84b9ba3b
Red Hat Security Advisory 2018-0412-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Kernel: KVM: MMU potential stack buffer overrun during page walks; Kernel: KVM: debug exception via syscall emulation.
9a54b07277bfff301639af511a4c8cf54910763ea7b31ebde2aaaf49bc0dcc7e
Gentoo Linux Security Advisory 201803-1 - Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code. Versions less than 4.90.1 are affected.
fae08f3a967abdc43a1c026ad3ce23d707d739eacf930009ae729881c47b4e5c
Ubuntu Security Notice 3591-1 - James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.
9efac4a197e44f0396046429f942697760c1810c94fb2c30e8cb6eee1a01d582
Magento suffers from product attribute information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
549e235e03ef0bdbe9eea05a3e1bd3f340f29761c9abdad73f4036142c0591e3
Magento suffers from downloadable product information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
1bbd2c7b993ffcb1a4ef9c205272274661f6065ff4e313cd2057ced8ea75d918
Magento Backups suffer from a cross site request forgery vulnerability. Versions affected include Magento Open Source prior to 1.9.3.8, Magento Commerce prior to 1.14.3.8, Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
6d870f518782a4d674caa1e656efd73fa25831cbd1426facfd575d0b2defcd72
Ubuntu Security Notice 3590-1 - It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information. It was discovered that Irssi incorrectly handled an increase in the number of windows. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
0548e0f4b89dc7472e3ba7693481d4756872196117f9b9df068049b4f91aecb4
Red Hat Security Advisory 2018-0414-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: 389-ds-base: remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in collate.c; 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c.
01e6560dd4bd72db6460c4f62b68c7d6b23dedcf9b9f74ef4531c5259b2486bb
Red Hat Security Advisory 2018-0395-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include fixes for several security issues and numerous bug fixes.
29fea4f7c483d5c4d6cc5018a225a967284330ae9e73afc589eab9a2da529a2c
Magento suffers from user information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3.
8655d134ed2747f6351bd7d013f6487b55c2509759a2cba576f6d2143f46f59d
Ubuntu Security Notice 3589-1 - It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code.
0030983d9b75e932de517259d17210a3137393e74bb8c2fc02ad201060ec426d
Ubuntu Security Notice 3585-1 - It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code.
6c609a9e2691d6eed8bc3f861c4ee967dd833b66728ff40a58ff763217a9250a
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG contain fixes for a privilege escalation vulnerability that could potentially be exploited by malicious users to compromise an affected system. Affected products include RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only), RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only), and RSA Identity Management and Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only).
3424a0127be2c0bd6adf14ce8f570640de8d777d1ac0ffefdf0bd1d3fdddf8dc
RSA Archer GRC Platform versions prior to 6.2.0.8 suffer from user enumeration and open redirection vulnerabilities.
26cf1ac8a59c26447ef806d9c9c08fa12345b2512cc34368dd098c490ed71607
Debian Linux Security Advisory 4132-1 - It was discovered that incorrect validation of frame widths in the libvpx multimedia library may result in denial of service and potentially the execution of arbitrary code.
46d3020315b985a2f9a956214d85c1cf687e1365e73f1693b4d2c52b29d71b87
Red Hat Security Advisory 2018-0406-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function.
4322515cbf61927f02138b3b9c63386e93b8fc562cb4ad2a53a1c5aa43d92afe
Red Hat Security Advisory 2018-0399-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: kernel: Use-after-free vulnerability in DCCP socket.
0c2eac28c72bb6c1f61ae13685312f6dfd422cd6c7ce11ed32952df66f624e0a
Dup Scout Enterprise version 10.5.12 suffers from a share username local buffer overflow vulnerability.
2cd3244d99f515f8423472b55b8cd08deb6816c2085fd413eb98727253c897cf
This is a proof of concept exploit for the memcached denial of service vulnerability.
e236ca49ed546c12ddb112111227312a5a52d87e88bf7ea165c9c3f5f8064cc2
Xion version 1.0.125 .m3u file local SEH-based unicode buffer overflow exploit.
1c6e336d96bdd83059f021345fe494f2e7e24d065db0bafce0cb83dd0f334fd7
Bravo Tejari Web Portal suffers from a cross site request forgery vulnerability.
755e2c3ea76f5f03a49b9d242e4aa278dc53f0722ef3b08295e8716d9fabf6be
Rapid Scada version 5.5.0 suffers from an insecure permission vulnerability.
f8015ce3acb7acf63bc94d7778e2d496db64e347752ff5ebb6255b75fa67345a