Ubuntu Security Notice 3560-1 - It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64, i386, and s390x. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host. Various other issues were also addressed.
ecf30c2ab3063f7c4453fd5a2f25fd20a9a0811b8b750790af31f961d51b10e9Red Hat Security Advisory 2018-0285-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.161. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
8a55ff082adb2050d0ba197537f62c4ce0a4d5b6d98222bd4250b5d7e7669d5aCisco ASA crash proof of concept exploit.
22410b089089e7b8ffef27f7fb0a008e7affff448aee37013b0a41335bb533a6InfoZip UnZip versions 6.00 and below and 6.1c22 and below suffer from multiple buffer overflow vulnerabilities.
dac731d2690cb1af2ab661aed3d50c9247b02e31917bc2d087907958bbe12e5eOnline Test Script version 2.0.7 suffers from a remote SQL injection vulnerability.
cd0307298550cabc1a7b58b19655a9a29aeb8cff02e9c0b935e0fe15968f04a1Hot Scripts Clone Script Classified version 3.1 suffers from a cross site scripting vulnerability.
a554ae59f4aaf8356bc6b8c7762da4da53560fbad14fa447eea25964c957af53MalwareFox AntiMalware version 2.74.0.150 suffers from a local privilege escalation vulnerability.
535e902bcb52d7119719f4adb46efa5dabeaf1f0cebc17dec4b5c1a39e6a597eUbuntu Security Notice 3559-1 - It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information.
24fb96a7aeea6dbab0ee7506db4be544a25951c589739278125f848889e699ccMultilanguage Real Estate MLM Script versions 3.0 and below suffer from a persistent cross site scripting vulnerability.
0a4aca6bb487cb20980af32211fbd36458c05e66b8b8f15dbda9f9ef91e9794dEntrepreneur Dating Script version 2.0.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
84761ebe94d4e8b348271d4375c41149aac86b810d75bf91bafce3c38837934cDebian Linux Security Advisory 4105-1 - It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code in the host of the mpv user.
9d62b2442745a4c9c4bd227c62bd0a6d2955e0b06fe5fa74c04517dcf75ea546Naukri Clone Script version 3.0.3 suffers from a persistent cross site scripting vulnerability.
f1763de7f69cc82f9ce26a172c0914028e16e5677132fe8edf6d14b892185c27PHP Scripts Mall Doctor Search Script version 1.0.2 suffers from a cross site scripting vulnerability.
fdb04a7140d76d1de3c87907bf8d52105b86c40b5a030e237341874df608e6c3Adobe Coldfusion version 11.0.03.292866 BlazeDS java object deserialization remote code execution exploit.
9f43954491b5424ac6ee32a1cc680c100107de9af5a045c39dae3bcff46fe242Geovision Inc. IP Camera and Video Server remote command execution proof of concept exploit.
f762d019583e0d7096722348281e9a3c4ba29f54f060ab1b5ed4d4e9e947c0f4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed