Red Hat Security Advisory 2018-0648-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Issues addressed include a buffer overflow vulnerability.
736867ed385fcc20caaf720c2a144f2c0d8e0bcce0c2b8f560ac32a84eac0bdf
Red Hat Security Advisory 2018-0649-01 - The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Issues addressed include an out-of-bounds write.
aea974d9e940d481415562ca98b4bed0b6d5dbe1d52676b632f079f2d742836e
Ubuntu Security Notice 3620-2 - USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
d798485e3bbd4692b62e40f7dd3bc4665b87003190226b4bceb08a4ce5ba5f99
Z-Blog version 1.5.1.1740 suffers from a cross-site scripting vulnerability.
220285bb5cab0c0176f05799513613a1bd8f8c1d758bc127179b7a43ce997115
YzmCMS version 3.6 suffers from a cross-site scripting vulnerability.
d1d20000ad6729e56a1e50a2abe9d4b060ada687003ff431f573efa36a6fe42b
GetSimple CMS version 3.3.13 suffers from a cross-site scripting vulnerability.
f0dfba9130d06a5dd3ede8c742c13c3eb224dc776e3ba5fa8c3571f2e9f58b43
Joomla JS Jobs component version 1.2.0 suffers from a cross-site scripting vulnerability.
3c2c08f45cd54536e865f1b1210a4d134bfea2929ea21f0de115552ffd33749c
MyBB Downloads plugin version 2.0.3 suffers from a cross-site scripting vulnerability.
9089e6e85161daf404be0645349b9761e07e94ff319685188cbfa8355dabb297
Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability.
72579ac313380df47c8c8323c109ad9176469f5b6f3eb57353d5dbbf09343433
Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability.
ba67c38eb49b7df19fab03d44e80e38c02272f017da74579304e5379d19578f7
Debian Linux Security Advisory 4166-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.
6f36f4da2f3eb8043a433062d4aad7c8ab82511dadd128bdfbebde9f80182976
Ubuntu Security Notice 3621-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
4f364998ee8032109638f2f7380cd639a1e212dd1bfe63cd40d7804ef8e0846c
Red Hat Security Advisory 2018-0646-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
ca67dfa87fab4d316b9bf2de2719cd1dc8de2e11e472e46f9c80fb87fc28cc76
Script that performs an RSA factorization attack using Fermat's algorithm.
c6570807c86958d016e3357f7faa38b91231b7b1400248e719fb87d055b6bc72
Simple script to perform RC4 encryption / decryption.
3e91bed392aefcdf25d85d0a212a6055b9b5e39912ace7a669a61c4968b786ef
Microsoft Windows suffers from multiple use-after-free issues in jscript Array methods.
2f7ac558c542879acb965c4c06820f163464ea9dc3f6b7895a15dcadd6bca2f1
Z-Blog version 1.5.1.1740 suffers from a full path disclosure vulnerability.
17f9e23d31325e4a810dcb3bede542f05b50e9efc7cb94051182ab3a0c06d0a6