Red Hat Security Advisory 2018-0648-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Issues addressed include a buffer overflow vulnerability.
09f5e6958b653eba3993557fed221c1aRed Hat Security Advisory 2018-0649-01 - The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Issues addressed include an out of bounds write.
202c86761a9c588b41dbdea14d958185Ubuntu Security Notice 3620-2 - USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
ec75abebcf0b7cadfae002c5506f6aabZ-Blog version 1.5.1.1740 suffers from a cross site scripting vulnerability.
f1f7f62827a7b4abea2e5361f1a04dc4YzmCMS version 3.6 suffers from a cross site scripting vulnerability.
0f37576ed66fa3e6d42c7efedbd840abGetSimple CMS version 3.3.13 suffers from a cross site scripting vulnerability.
6ecf79314326952339c1a3dd3cf28540Joomla JS Jobs component version 1.2.0 suffers from a cross site scripting vulnerability.
645eb32d80dec449657d13a251ad2a7fMyBB Downloads plugin version 2.0.3 suffers from a cross site scripting vulnerability.
b160710ea500ac72bff60c07796b7417Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability.
94acc718c0e3e5468bc101178d369095Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability.
cc12264137c403adf94d352e2dd1eef5Debian Linux Security Advisory 4166-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.
cd38ffe0e62498ca5f96a055f1652b09Ubuntu Security Notice 3621-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
cff2c69a5568de2c74adb2faa0b0fa2eRed Hat Security Advisory 2018-0646-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
4c4a72b2d287abfd5e1ba4347df9ed7fScript that performs RSA factorization attack using Fermat's algorithm.
1c37da73d3f7d27402cfcfb57295c95cSimple script to perform RC4 encryption / decryption.
3a863b0b5164e05fa847e501c5eb915fMicrosoft Windows suffers from multiple use-after-free issues in jscript Array methods.
54dbc94c4392c67aa6871073166ebbc0Z-Blog version 1.5.1.1740 suffers from a full path disclosure vulnerability.
b539f83d3245ec921cb13135e29d3f56
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed