Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Roxy Fileman version 1.4.5 for .NET suffers from a directory traversal vulnerability.
Siemens Security Advisory - SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server. Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. 54 CVEs are covered in this advisory.
FTP Commander Pro version 8.03 suffers from a local stack overflow vulnerability.
NVMS-1000 suffers from a directory traversal vulnerability.
Red Hat Security Advisory 2019-4201-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a denial of service vulnerability.
Windows Defender Antivirus version 4.18.1908.7-0 suffers from a file extension spoofing vulnerability.
Qualys discovered a local privilege escalation in OpenBSD's dynamic loader (ld.so). This vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges. They developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.
This Metasploit module exploits a command injection in OpenNetAdmin versions 8.5.14 through 18.1.1.
Bullwark Momentum Series JAWS version 1.0 suffers from a directory traversal vulnerability.
Red Hat Security Advisory 2019-4222-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.3 release. Issues addressed include bypass and information leakage vulnerabilities.
Ubuntu Security Notice 4214-2 - USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 4217-2 - USN-4217-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2019-4205-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Apple Security Advisory 2019-12-10-4 - watchOS 5.3.4 is now available and addresses a code execution vulnerability.
Apple Security Advisory 2019-12-10-3 - macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
Apple Security Advisory 2019-12-10-2 - iOS 12.4.4 is now available and addresses a code execution vulnerability.
Apple Security Advisory 2019-12-10-5 - tvOS 13.3 is now available and addresses code execution vulnerabilities.
Apple Security Advisory 2019-12-10-6 - Safari 13.0.4 is now available and addresses code execution vulnerabilities.
Apple Security Advisory 2019-12-10-8 - watchOS 6.1.1 is now available and addresses code execution vulnerabilities.
Red Hat Security Advisory 2019-4096-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2019-4101-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2019-4097-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass and cross site scripting vulnerabilities.
Red Hat Security Advisory 2019-4098-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2019-4099-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed