Ubuntu Security Notice 3675-1 - Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
3766e8329e34b63027e4f5cf9a8633afd662c34ab0ba403d391cd6bb6a60ae4b
Asterisk Project Security Advisory - When endpoint-specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.
0a8df976f443c76825aaacd37af4fd8f1b496b41d03db87301ebcb184dddb134
Asterisk Project Security Advisory - When connected to Asterisk via TCP/TLS, if the client abruptly disconnects or sends a specially crafted message, Asterisk gets caught in an infinite loop while trying to read the data stream, rendering the system unusable.
b374d470f9dcc44672552df78fa345a74c969e43f270c085e9d4019049d28547
Ubuntu Security Notice 3674-2 - USN-3674-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
d9670de8ee5732e1f317876d13852a8d12a2013a36b3d7dd2d941db95d255de8
Ubuntu Security Notice 3674-1 - It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a NULL pointer dereference existed in the RDS protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
d808284e76889914a80353a1e3422eace8b93049648e16d9582cece4693fb7c1
VMware Security Advisory 2018-0015 - VMware AirWatch Agent updates resolve remote code execution vulnerability.
8eedf84a536af539e3b782efa5002b2304872f2285e51ab25ee1e8a223443c8a
Red Hat Security Advisory 2018-1824-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.113. Issues addressed include a code execution vulnerability.
eb085c3e02115ffe7d44e26102878dd393e3745df415b5e9970e0e5dc3f16fa5
Red Hat Security Advisory 2018-1825-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.79. Issues addressed include an incorrect handling of the CSP header.
0b40e8fb6cb8d1e698165ee2fe8e40315dbf848332de820448b6308ca1da5a3f
Red Hat Security Advisory 2018-1820-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a heap overflow vulnerability.
f2d957f9b40130aa3fdabbf4336e770d69893b20f1d8e6d68e0566726a5819b1
Splunk versions 6.2.3 through 7.0.1 suffer from an information disclosure vulnerability.
799e5977c37e92a4b8cae606ad19d8dfc60e9a513a80f2cef6e0a03e025ecdb6
userSpice version 4.3.24 suffers from a username enumeration vulnerability.
1dd5f5e4c2e9fccbf4b67cf18579d258dbfb1cc68d65cce24865514de10f13be
userSpice version 4.3.24 suffers from an X-Forwarded-For cross site scripting vulnerability.
4ea0d12a03a60e6b02bb7c5210264ce73e64dfd04cc3e842e48eec6e4bd3d5b1
Schools Alert Management Script suffers from an arbitrary file deletion vulnerability.
a30d184e06e7195ec70fb958780df5a9d4b448ad6cf584d2525d35bbf3c9dcb6
Joomla Ek Rishta component version 2.10 suffers from a remote SQL injection vulnerability.
16f737f4ee08cfe42a11a7224814e8d5af02676fc6a87da86b0c109711bc2a8e
The Event Manager PHP Script admin panel suffers from a remote SQL injection vulnerability in events_new.php.
b368ead29a2f750662393f8925e30b2d5a4d527a518307aa521c140f1f2ca00d
WordPress Pie Register plugin versions prior to 3.0.9 suffer from a remote blind SQL injection vulnerability.
e04cd55a98ab1899a458679951e539e9b862845e1385e23ce312536b968454f9
Schools Alert Management Script suffers from a remote SQL injection vulnerability.
717d15eff170a4c6ac733a4ee608d8802bacc07fecb3c1cf87baca10ac0b4e13
Schools Alert Management Script suffers from an arbitrary file read vulnerability.
c06a12a979c39b653b47c3a4e1007f597fcae38135ee120c0721a899c3f45c54
This Metasploit module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to an application crash, resulting in denial of service.
2d4a36193a36d5db933286558911bee2976dd1809ed77e8e72e1d0079e824e85
Schools Alert Management Script suffers from a remote SQL injection vulnerability.
066335c2b5756a5000c5d5a3e08fe5c6c686c697437f28e0b6648d343908d0bd
Whitepaper called Reverse Engineering - Simple Patching. Written in Arabic.
1ddf1f7571967b1956d2af44522a52d2025891f1307b9286469463bc59474a65