Debian Linux Security Advisory 4183-1 - It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception (TROVE-2018-001).
d8264a777e0fe636d3865e5c8a2bd1a00b22e174cae93816d3dc60ef011bf23eCockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability.
877fb3147fad9053c21d2ae76bcbba82752af4be9b3e9a70fa171c8a6b4a756eDebian Linux Security Advisory 4181-1 - Andrea Basile discovered that the 'archive' plugin in roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize a user-controlled parameter, allowing a remote attacker to inject arbitrary IMAP commands and perform malicious actions.
7003e22c47aad0f29075ef56927b0bb2fd415a5a734d9b6f25a33893ba5a6af7Debian Linux Security Advisory 4182-1 - Several vulnerabilities have been discovered in the chromium web browser.
bf467922f499761124cd3e7e1500636dd40ac227780bc16080c337465230a2adBlackboard Learn suffers from an open redirection vulnerability.
babf5d4124d851a4e9d66c658de82f2eca5512ae3986075bd6ee247d9c1f3cd9Red Hat Security Advisory 2018-1227-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include improper path sanitization.
0013a61a5f34ef1a45796e6ae5c87b28665c09ebb7331929ce6876dc8088f7cdPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
c369bd8139eb3244e06e4110b08d66b5e6c43026b92006e94caf85487d820b56Norton Security for Mac versions prior to 7.6 do not validate the SSL certificate it receives when connecting to the server used to download the main installer.
3ff64c0bcea95c1c17c44f735f3bade688ca62e4289bfc78ed2b0ecb34ae3e4dFinal call for the 2018 Hack In The Box (HITB) GSEC conference in Singapore. HITB GSEC is a 3-day deep knowledge security conference where attendees get to vote on the final agenda of talks and and to meet with the speakers they voted for.
0a377fd65dfadc2bd92fb31ef0119091002f45e513a65b55a9565c3b2f4365baSlackware Security Advisory - New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
fe0c05369e6d1ddbeab06261b356f7586a42aa535e75abb0e9c5e79eed4addddRed Hat Security Advisory 2018-1253-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Issues addressed include an out-of-bounds array dereference.
e20afcc9add78635cbc42fc37692f2c19c2764669c77c742919098329e102f59Test Your IQ version 1.1 suffers from a remote SQL injection vulnerability.
a29c97213b587870f1a5a4337f9f37c2bde8036f8ff2c0bcb06223176c8044f5Frog CMS version 0.9.5 suffers from a persistent cross site scripting vulnerability.
27e5740009e2c00b14ca3eed6da446e7f27908f8557acdab701bcf00d0b42f39Navicat versions prior to 12.0.27 suffer from an oracle connection overflow vulnerability.
8d035b1e096be2a42ad3e4c182c90e91021be26b95e6eb871a04a9cc4a24f909TP-Link Technologies TL-WA850RE Wi-Fi Range Extender suffers from an unauthorized remote reboot vulnerability.
970a5397e04acea93596c1622e954fa7cc0a100eb23d4a5bf1fa9ecac096aba5This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.
d8e06fe66e7a7c70257d472a150741719f1392fb6c548c25bee9d61d4f3a78cdGitList version 0.6 unauthenticated remote code execution exploit.
0dd6d31c236e339ea46cf2a96afd06f86a7c41ebbaa4e592b132cc48869c6f13Red Hat Security Advisory 2018-1254-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Issues addressed include a ridiculous amount of unspecified vulnerabilities.
1ede294a6628ec4148b7f98e60bd2f20e8096d2d97b2753c5341e15b2bc31937Red Hat Security Advisory 2018-1252-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed relate to speculative execution.
1648e1038845c34ef925ef9147793bdab70663276d5666f94f6db9a435e7def0Google Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await, this may lead the generator to an incorrect state.
78b2c24ff6a8f61df29a3ac781ec2f32f86061d57afb7512f75393705b8644f1Debian Linux Security Advisory 4180-1 - A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework.
4e067265514ce8ce9cff33e5fcb7c8923db4db1b073aa843b234dd36517ecc44Red Hat Security Advisory 2018-1251-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
ceb01489516a96b14c36584e28b0efbda2f1d027c752097948d8d0dc7419fbbfHRSALE The Ultimate HRM version 1.0.2 suffers from a cross site scripting vulnerability.
8dbe06a437c757977d1e7e6fff47c5afc2c86bf0606b007b7b8ec40b4dc8df01HRSALE The Ultimate HRM version 1.0.2 suffers from a local file inclusion vulnerability.
5772c8ea23208440a6468e45bb2ba8d98e1bb327e63a9e3a03be53512f1a46d0Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. Version 8.5.3 is affected.
6b1d3b5b8e9640b261be0265a0c6d2b4ae818f1b9f7a7e93a4b5f90930af4f8f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed