Debian Linux Security Advisory 4183-1 - It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception (TROVE-2018-001).
d8264a777e0fe636d3865e5c8a2bd1a00b22e174cae93816d3dc60ef011bf23e
Cockpit CMS versions 0.4.4 through 0.5.5 suffer from a server-side request forgery vulnerability.
877fb3147fad9053c21d2ae76bcbba82752af4be9b3e9a70fa171c8a6b4a756e
Debian Linux Security Advisory 4181-1 - Andrea Basile discovered that the 'archive' plugin in roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize a user-controlled parameter, allowing a remote attacker to inject arbitrary IMAP commands and perform malicious actions.
7003e22c47aad0f29075ef56927b0bb2fd415a5a734d9b6f25a33893ba5a6af7
Debian Linux Security Advisory 4182-1 - Several vulnerabilities have been discovered in the chromium web browser.
bf467922f499761124cd3e7e1500636dd40ac227780bc16080c337465230a2ad
Blackboard Learn suffers from an open redirection vulnerability.
babf5d4124d851a4e9d66c658de82f2eca5512ae3986075bd6ee247d9c1f3cd9
Red Hat Security Advisory 2018-1227-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include improper path sanitization.
0013a61a5f34ef1a45796e6ae5c87b28665c09ebb7331929ce6876dc8088f7cd
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
c369bd8139eb3244e06e4110b08d66b5e6c43026b92006e94caf85487d820b56
Norton Security for Mac versions prior to 7.6 do not validate the SSL certificate they receive when connecting to the server used to download the main installer.
3ff64c0bcea95c1c17c44f735f3bade688ca62e4289bfc78ed2b0ecb34ae3e4d
Final call for the 2018 Hack In The Box (HITB) GSEC conference in Singapore. HITB GSEC is a 3-day deep knowledge security conference where attendees get to vote on the final agenda of talks and to meet with the speakers they voted for.
0a377fd65dfadc2bd92fb31ef0119091002f45e513a65b55a9565c3b2f4365ba
Slackware Security Advisory - New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
fe0c05369e6d1ddbeab06261b356f7586a42aa535e75abb0e9c5e79eed4adddd
Red Hat Security Advisory 2018-1253-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Issues addressed include an out-of-bounds array dereference.
e20afcc9add78635cbc42fc37692f2c19c2764669c77c742919098329e102f59
Test Your IQ version 1.1 suffers from a remote SQL injection vulnerability.
a29c97213b587870f1a5a4337f9f37c2bde8036f8ff2c0bcb06223176c8044f5
Frog CMS version 0.9.5 suffers from a persistent cross site scripting vulnerability.
27e5740009e2c00b14ca3eed6da446e7f27908f8557acdab701bcf00d0b42f39
Navicat versions prior to 12.0.27 suffer from an Oracle connection overflow vulnerability.
8d035b1e096be2a42ad3e4c182c90e91021be26b95e6eb871a04a9cc4a24f909
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender suffers from an unauthorized remote reboot vulnerability.
970a5397e04acea93596c1622e954fa7cc0a100eb23d4a5bf1fa9ecac096aba5
This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.
d8e06fe66e7a7c70257d472a150741719f1392fb6c548c25bee9d61d4f3a78cd
GitList version 0.6 unauthenticated remote code execution exploit.
0dd6d31c236e339ea46cf2a96afd06f86a7c41ebbaa4e592b132cc48869c6f13
Red Hat Security Advisory 2018-1254-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Issues addressed include a ridiculous amount of unspecified vulnerabilities.
1ede294a6628ec4148b7f98e60bd2f20e8096d2d97b2753c5341e15b2bc31937
Red Hat Security Advisory 2018-1252-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed relate to speculative execution.
1648e1038845c34ef925ef9147793bdab70663276d5666f94f6db9a435e7def0
Google Chrome V8 Await methods call ResolveNativePromise, which calls InternalResolvePromise, which can invoke user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await; this may leave the generator in an incorrect state.
78b2c24ff6a8f61df29a3ac781ec2f32f86061d57afb7512f75393705b8644f1
Debian Linux Security Advisory 4180-1 - A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework.
4e067265514ce8ce9cff33e5fcb7c8923db4db1b073aa843b234dd36517ecc44
Red Hat Security Advisory 2018-1251-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and traversal vulnerabilities.
ceb01489516a96b14c36584e28b0efbda2f1d027c752097948d8d0dc7419fbbf
HRSALE The Ultimate HRM version 1.0.2 suffers from a cross site scripting vulnerability.
8dbe06a437c757977d1e7e6fff47c5afc2c86bf0606b007b7b8ec40b4dc8df01
HRSALE The Ultimate HRM version 1.0.2 suffers from a local file inclusion vulnerability.
5772c8ea23208440a6468e45bb2ba8d98e1bb327e63a9e3a03be53512f1a46d0
Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. Version 8.5.3 is affected.
6b1d3b5b8e9640b261be0265a0c6d2b4ae818f1b9f7a7e93a4b5f90930af4f8f