Slackware Security Advisory - New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
d310e76a0921a6cc2ee16f19d8f8b391df2cb4899707346d543830d25c927438
Debian Linux Security Advisory 4224-1 - Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
48ffa2083ce23edda66107d7e98133264aff4c0af7aaa1febaa827798b766e31
Debian Linux Security Advisory 4220-1 - Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.
20dac8da2aa3b0850230e9839582a70df5eb615fb9c785abfc18ecae374e9b7d
Debian Linux Security Advisory 4221-1 - Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.
836f52812d9c51553e2be67824d58a661d853e79e2193ac4a05b1a7d0e46b6bc
XiongMai uc-httpd version 1.0.0 suffers from a buffer overflow vulnerability.
069dabf4383561057bde692c6f3a559449df9f5431de62760f807308dac7d99b
OX App Suite versions 7.8.4 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities.
b05b1425ad2ad09c94d5f8ea14683797a289d6404376b147dc5a8333076d15fc
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file.
d51475d526556c38315d3ad495346f228174e57aaea7b756952cb090daa26d44
The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
734054659817f2c6fe191be96ca9463bb463d1768291d5ec1cb547fef8c59d82
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file.
bb60000f6af9c141c2ef4116d6d57a18a2cf342fb2daab8cb8e5c99b583a5d0a
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd
Debian Linux Security Advisory 4219-1 - Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.
6e5cc1eb575ab1d047c7a67b69e08887ebd38e343b7b9963e1a43e4d616ef663
This archive holds a technical paper of 70+ pages, accompanied by two reverse engineering tools for analyzing STMicroelectronics DVB chipsets.
38bffd3496f315e8460e0c28a7d946b77b455c78115e5b31dff9bc4e92356db9
OfficeScan XG version 11.0 suffers from an unauthorized change prevention bypass vulnerability.
32dc9c5686796d41853c8b27d1d4b50ef583c060f39f37106a3843b56056a2a3
Gnome Web (Epiphany) versions prior to 3.28.2.1 suffer from a denial of service vulnerability.
ad038f44f7bbbf2ff97e2ef7529e457cfe0a4797fa9c915a63209bf98270321c
Joomla versions 2.4.0 and below suffer from a cross site scripting vulnerability in the Gridbox extension.
a5c9be825a63ecbce56403bbaa7bc44f16907303759cbb78c94f17f7cb178ffd
The ClassLink OneClick browser extension and the ClassLink Agent are vulnerable to universal cross site scripting and remote code execution.
9009c6063cf45f973ccdc5297fed83759e8c4e593bf42a2455d616f09143e5c4
ESPN's CDN suffers from a cross site scripting vulnerability.
9be24660797a2ad3378aff136f4908999af7c4b7bab45ebf5f069b1ae697cd72
Red Hat Security Advisory 2018-1812-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Issues addressed include deserialization, insecure handling, randomization, and use-after-free vulnerabilities.
221148ef0de88896f8459f4e5e0cbf8dcb142f45ea6c2e753d125ce1e56b2984