Red Hat Security Advisory 2018-0648-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Issues addressed include a buffer overflow vulnerability.
736867ed385fcc20caaf720c2a144f2c0d8e0bcce0c2b8f560ac32a84eac0bdfRed Hat Security Advisory 2018-0649-01 - The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Issues addressed include an out of bounds write.
aea974d9e940d481415562ca98b4bed0b6d5dbe1d52676b632f079f2d742836eUbuntu Security Notice 3620-2 - USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
d798485e3bbd4692b62e40f7dd3bc4665b87003190226b4bceb08a4ce5ba5f99Z-Blog version 1.5.1.1740 suffers from a cross site scripting vulnerability.
220285bb5cab0c0176f05799513613a1bd8f8c1d758bc127179b7a43ce997115YzmCMS version 3.6 suffers from a cross site scripting vulnerability.
d1d20000ad6729e56a1e50a2abe9d4b060ada687003ff431f573efa36a6fe42bGetSimple CMS version 3.3.13 suffers from a cross site scripting vulnerability.
f0dfba9130d06a5dd3ede8c742c13c3eb224dc776e3ba5fa8c3571f2e9f58b43Joomla JS Jobs component version 1.2.0 suffers from a cross site scripting vulnerability.
3c2c08f45cd54536e865f1b1210a4d134bfea2929ea21f0de115552ffd33749cMyBB Downloads plugin version 2.0.3 suffers from a cross site scripting vulnerability.
9089e6e85161daf404be0645349b9761e07e94ff319685188cbfa8355dabb297Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability.
72579ac313380df47c8c8323c109ad9176469f5b6f3eb57353d5dbbf09343433Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability.
ba67c38eb49b7df19fab03d44e80e38c02272f017da74579304e5379d19578f7Debian Linux Security Advisory 4166-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.
6f36f4da2f3eb8043a433062d4aad7c8ab82511dadd128bdfbebde9f80182976Ubuntu Security Notice 3621-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
4f364998ee8032109638f2f7380cd639a1e212dd1bfe63cd40d7804ef8e0846cRed Hat Security Advisory 2018-0646-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
ca67dfa87fab4d316b9bf2de2719cd1dc8de2e11e472e46f9c80fb87fc28cc76Script that performs RSA factorization attack using Fermat's algorithm.
c6570807c86958d016e3357f7faa38b91231b7b1400248e719fb87d055b6bc72Simple script to perform RC4 encryption / decryption.
3e91bed392aefcdf25d85d0a212a6055b9b5e39912ace7a669a61c4968b786efMicrosoft Windows suffers from multiple use-after-free issues in jscript Array methods.
2f7ac558c542879acb965c4c06820f163464ea9dc3f6b7895a15dcadd6bca2f1Z-Blog version 1.5.1.1740 suffers from a full path disclosure vulnerability.
17f9e23d31325e4a810dcb3bede542f05b50e9efc7cb94051182ab3a0c06d0a6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed