A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.
f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3
Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1) suffer from a PATCH request remote code execution vulnerability.
d1731be7e3c13eb181dffc18934b90d84ba2b0e795604b2cfbfe2829c85a1b0b
This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost and are part of APT2's Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.
7aa300429d6a0b709fbdadb7330886fba8194cbdeb3edf634379736834433398
Ubuntu Security Notice 3598-1 - Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Max Dymond discovered that curl incorrectly handled certain RTSP data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. Various other issues were also addressed.
5fbb1400645b61a044fca73ca639b2de1ff2a14cc946b3e01c95040b0d3af675
Red Hat Security Advisory 2018-0528-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Issues addressed include a man-in-the-middle vulnerability.
372a0abd076134eead331d3655baa5f73e9be7f5fdf3e7d32cc05c357e4a3f50
Red Hat Security Advisory 2018-0527-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Issues addressed include a buffer overflow vulnerability.
5a57b6946c0c19743f5c8d622733aebe1a42b551e4aaa2cd85bda3e5b6cd6a9e
Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.
000142b4cb683ae87066a75057971417443fdc878266c68a19d146be3da88496
Red Hat Security Advisory 2018-0526-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Issues addressed include a buffer overflow vulnerability.
1a11fea385f9134b845bdf721789f9cbcaa49e8f8d4b21f8ba21e3038d7f72f9
Ubuntu Security Notice 3597-2 - USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the arm64 architecture. Various other issues were also addressed.
23bc8db95216b5246352497682682f4334b47b5deb970a8e3701b66d7f9c1884
Ubuntu Security Notice 3597-1 - USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
c1fff708893a2dfbc7b008429e3f314327f8a64ad5bdb9422d8f18fe0aeeb3c5
Red Hat Security Advisory 2018-0522-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.10, 1.1.7, and 2.0.6. These correspond to the March 2018 security release by .NET Core upstream projects. Issues addressed include a denial of service vulnerability.
268ba877eaa55e61c645a4abf497035c60e9eb57e3da49097d7ca1b13c2860b5
Red Hat Security Advisory 2018-0521-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Issues addressed include insecure handling, randomization, and use-after-free vulnerabilities.
7ae5584ed48fb8fe5feace735645093fc305fc5409fc9f6a5cbe1d76430117c6
Red Hat Security Advisory 2018-0520-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.113. Issues addressed include a code execution vulnerability.
edc41967a187b73428ac34bc9958665da2ee5c2a28308d89b467455931a88a2d
Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
4e58b48ccc1dd179e7f77394b3fa9ab462094736fe090ebe9f7204b3174c7c96
Debian Linux Security Advisory 4139-1 - Several security issues have been found in the Mozilla Firefox web may lead to the execution of arbitrary code, denial of service or information disclosure.
a318f7ba3e4cea81d40e5a7bdc2c5215d3dc61bdb1cf5f4069fa0e9ec49d8091
VMware Security Advisory 2018-0008 - Workstation and Fusion updates address a denial-of-service vulnerability.
c855fd3691af711f8a3438892cf670fdb873ba8ef7d5da21aa41f285a327f6ce
Android DRM services suffers from a buffer overflow vulnerability.
efb1ce2739b233f90481dfd1618352f64557499ae57c7214a0748615c4651e39
WordPress Duplicator plugin version 1.2.32 suffers from a cross site scripting vulnerability.
402da38fca9c526b8fd552f7d50a017de799a50817b3f8996377dc7d62465f4d