This Metasploit module exploits an authentication bypass in .srv functionality and a command injection in parhand to execute code as the root user.
c10f9b22f833b812b5b5320ea587dedf77fe8a60a4a58ddec5548a2ea5fb202dTrivum Multiroom Setup Tool version 8.76 suffers from a cross site request forgery vulnerability.
089d519a68650f17e77aeb208817d089d6ad194b453eccac690b71c2ff37c3a1There is a heap overflow in Skia when drawing paths with anti-aliasing turned off. This issue can be triggered in both Google Chrome and Mozilla Firefox by rendering a specially crafted SVG image. Proof of concepts included.
3f160181c8497dc4cf1f1145b96c07f641ce5f7ac700a9824ddcbbf59315795bCore FTP version 2.0 XRMD denial of service proof of concept exploit.
66307a4890821f1325509963fa3a88fdd06110613682aa0ae6983a65634cc93fThis Microsoft bulletin summary holds CVE updates for CVE-2018-8308.
dea63ee770752757f3393bac9560688ed9ae6dbfb0eca27e531bdc642cfdcaa5CleanMyMac3 suffers from a local privilege escalation vulnerability.
6744052aebb52d3e899c7d82463ec8086571011160b1cf1d11510bcdd6c0949fWordPress Snazzy Maps plugin versions 1.1.3 and below suffer from a cross site scripting vulnerability.
69d9372e1f11eb13779812a45773c8c5799eb581c2d4f0a43fdac8c63bc11aacRed Hat Security Advisory 2018-2251-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
cfab7a998bd27c1e4a1a0e65a6b7bd19bed1aba4d0504b8ee9a31d57643744bfRed Hat Security Advisory 2018-2252-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
710bbfbe7f1c6bbad567e4d6df96227243d295254c8df4498a8b7b3a8cd14173Red Hat Security Advisory 2018-2255-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 191. Issues addressed include an insufficient validation vulnerability.
7f56d6d295c0b9904a9d164fe4d5c455c5008ad4d1e65d4ab50bb02cf2ac133dRed Hat Security Advisory 2018-2258-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
76959ab67f758bf3a25828abc174c7dee4a3e20303347acfeb5222db000f8b03Red Hat Security Advisory 2018-2261-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a replay attack vulnerability.
3abdddcc6ff800466cb69e4f002a8015497e54b68610e36aa52a8258ba62d450Red Hat Security Advisory 2018-2267-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.
c0907ab3460d24304dcb7a7f242911a95312066de9cc013fadeb46fad7b1d68bRed Hat Security Advisory 2018-2268-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.
5c5dce04b98f5034ccab76187f370aa0ec5490e0a49c819bb83e596dc833f392Red Hat Security Advisory 2018-2274-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a replay attack.
bea6f150d20001083244fdaba28167aa06e13177c81317dee86bdbc4c382fa81Red Hat Security Advisory 2018-2276-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1 Issues addressed include a traversal vulnerability.
5bfd068d41ade41ff1f4c1290242f6d2137acaf5d4dccdaca5ac00d3c77c4c4cRed Hat Security Advisory 2018-2277-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for apache-cxf package in Red Hat JBoss Enterprise Application Platform 7.1 Issues addressed include a traversal vulnerability.
846c99de715bb3f633d02464de9d396b4458165b9af6c343861912a7f7ca622eRed Hat Security Advisory 2018-2279-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat Single Sign-On 7.2. Issues addressed include a traversal vulnerability.
d56913cfdf67e8721884d0fa325bfa7b3d2be10531eb51b925101cdb44681478Tracto ERC20 suffers from an integer overflow vulnerability.
bc34d4bbbffaebf35132a4b460490459086c1cddcfe292345c067eb4956963b2Ubuntu Security Notice 3722-3 - USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. Various other issues were also addressed.
41052a7d3bb083be920c2df786f863a32cee51a01ca68f639683d2e4d9a7eeecUbuntu Security Notice 3722-4 - USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. Various other issues were also addressed.
3f0e86e883998fe97abd02ceef3e0439bf2a4b04d4556694b7e29c0f101c686fUbuntu Security Notice 3724-1 - Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL.
3d04bb1d5ce0cb74db7fe74df01a5a64e35f411215bfd767137a2d675c04a6bc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed