Ubuntu Security Notice 3704-1 - It was discovered that devscripts incorrectly handled certain YAML files. An attacker could possibly use this to execute arbitrary code.
a16655925322ab5e126d0d9869ac6db0dfac77a986cb37a44b5f0fe6bcf64e0cApple Security Advisory 2018-7-05-1 - Wi-Fi Update for Boot Camp 6.4.0 is now available and addresses logic issues.
5f91d9e834959a278ce08d80d5d504793c39de457bd6e44a4faf756c6cb0e4ffDebian Linux Security Advisory 4241-1 - It was discovered that the Soup HTTP library performed insuffient validation of cookie requests which could result in an out-of-bounds memory read.
834d05e05cf758a43954bc09393c1a40355ab98464488cb29e436e3cebdd6e45Debian Linux Security Advisory 4240-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.
4369be1bc2fc15b16bcbc45b903b8da4f8ffb2ca89575a1dcfff84f66942c227Ubuntu Security Notice 3705-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.
cfd4cc88f31fd1abec1754d224edeff04519ec9a5d0a04e2202da985f02d98deSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
863c079fabea4ad398e4cf0435a983e6f3f6ea8e2458aeedaff0b9342818e759Ubuntu Security Notice 3690-2 - USN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715. Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS. Various other issues were also addressed.
ae7046e9ae2f87f3ebe5bf96a7db5786b8e7fc1d5a97591cd924bd9fccf6c7ccRSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system. Many versions are affected and are listed in this advisory.
a4e969618774016a80bd1a4a61cf867025cda6eb5eb340161de68f9abaf3a5ebRed Hat Security Advisory 2018-2143-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.0.1 serves as an update to Red Hat Decision Manager 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.
7ae5c260ec977f51e176a61c20ac2f4e8abd7195c7c947ea386859f7e0b9f9afUbuntu Security Notice 3702-2 - USN-3702-1 fixed a vulnerability in PHP. PHP 7.2.7 did not actually include the fix for CVE-2018-12882. This update adds a backported patch to correct the issue. It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
931887a83ac183366a8eaab232b3c0dacadb502998e0aca9208838388806231fSoftExpert Excellence Suite version 2.0 suffers from a remote SQL injection vulnerability.
4244a18b2ee6ba2b00be8752c6023206bbbe5818efe3d7b2f28b21d223ae6c14Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.
d714af351ebe0661ff777dd209b5eddccb3e9cea04d0ba77486507fcb340f6d4Info-Zip's zip binary version 3.0-11 may suffer from an off by one vulnerability.
adb14ffcde2c0e08e3a4d30a3f680313d891be018271aa345ef21946a3e9e677
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed