Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
95a6b8249b729d6c431377015c53724d3d267b74c2c9e5596a4d1c59c15df64c
Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality).
c9dba87848ba8309e2ef635f11fc4bb02d9040930b2591370ea21e0a1a27b79f
Ubuntu Security Notice 3459-2 - USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 12.04 ESM. Various other issues were also addressed.
70b7d12d84d4aa5120855332d774f53b647d9460ff4801984bc8ac3daf77b63c
Red Hat Security Advisory 2017-3082-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.75. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
524807a1eb1bf5c2f6d8bf017f507e705a7e2eb789944a6ac47b26f457f481c4
Ubuntu Security Notice 3464-2 - USN-3464-1 fixed several vulnerabilities in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
733a73af531d42ae891013006453221a631191deeaaf444b04f58f13f0b49b81
Ubuntu Security Notice 3467-1 - It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.
1df57a365ac818cf143477b1eb3886c6a673517536df6b6f2e33f24543f43b92
Red Hat Security Advisory 2017-3081-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
5ee983090f72ece9f5cb9792f0c4f5e3483212e72951bcc2f52b90e4f854419f
Red Hat Security Advisory 2017-3080-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.
72e971421dc578d94992998ea2583fa3d26096b02f8d1943c478536a76eccf76
Gentoo Linux Security Advisory 201710-32 - Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets. Versions less than 2.4.27-r1 are affected.
c4f07281c74492eeee76e5aa05668d9989fff715e4d08bed6c25d2d75755726c
Gentoo Linux Security Advisory 201710-31 - Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites, the worst of which can be remotely exploited without authentication. Versions less than 1.8.0.152-r1 are affected.
2cf0328599c61e8d96a0c7644ff739c1e26ca5c16e25a38caa81567f6536847e
Gentoo Linux Security Advisory 201710-30 - Multiple vulnerabilities have been found in X.Org Server, the worst of which could allow a local attacker to replace shared memory segments. Versions less than 1.19.4 are affected.
63eddffde35de0427f38fd9d9a39600951883ee472d11a47f0c8ae006c4c1d75
Website Broker Script suffers from a remote SQL injection vulnerability.
1008f023d20735133678ce895414aae02d18601422947f0bd145a264938f8899
Vastal I-Tech Agent Zone suffers from a remote SQL injection vulnerability.
3f5b7a2b9b7f01a7cadcc612a82bc00cb35adf711c3131624b53f1d516e5d380
Zomato Clone Script suffers from a remote SQL injection vulnerability.
751c6587f5acca8dc49e0427d6b5ba66ba13c03b4b77bfaaa4b322146d479027
PHP Inventory suffers from an arbitrary file upload vulnerability.
5cb053d150b5b12b4075097eb79ac29ed2b5c952892181b4110e7fc3c1835fa2
Online Exam Test Application suffers from a remote SQL injection vulnerability.
d1e63c11a3df12015c68150cccfa68f6dbbc1e95760ad97160f791dcd93899cb
WordPress Ultimate Product Catalog plugin versions 4.2.24 and below suffer from a PHP object injection vulnerability.
3a32c416cc40f0d2746a5880bfd6ee9b498b22a31a88ccef544429ac5814521e