Twenty Year Anniversary
Showing 1 - 22 of 22 RSS Feed

Files Date: 2018-08-17

OpenSSL Toolkit 1.1.0i
Posted Aug 17, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed a client denial of service due to a large DH parameter addressed. Cache timing vulnerability fixed. Various other updates and fixes.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0732, CVE-2018-0737
MD5 | 9495126aafd2659d357ea66a969c3fe1
Xen xen-netback xenvif_set_hash_mapping Integer Overflow
Posted Aug 17, 2018
Authored by Felix Wilhelm, Google Security Research

Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.

tags | advisory, overflow
MD5 | 056a37f9c265e3d9566b012c2ea95423
Microsoft Edge Chakra InitializeNumberFormat / InitializeDateTimeFormat Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer. One is for WinGlob and the other is for ICU. The problem is that the versions for ICU don't check whether the given object has been initialized. This allows to initialize the same object multiple times which can lead to type confusion.

tags | exploit
advisories | CVE-2018-8298
MD5 | 1b3261f5867fe61b3069b230e5d96d54
Microsoft Edge Chakra JIT InlineArrayPush Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with InlineArrayPush.

tags | exploit
MD5 | 10eb2bef76e9e5e5df10028a6b00b0b7
Microsoft Edge Chakra DictionaryPropertyDescriptor::CopyFrom Failed Copy
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra has an issue where DictionaryPropertyDescriptor::CopyFrom does not copy all fields.

tags | exploit
advisories | CVE-2018-8291
MD5 | 58ac89a215bdcc730aeb2f04f26ab26d
Microsoft Edge Chakra Parameter Scope Parsing Bug
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a parameter scope parsing bug.

tags | exploit
advisories | CVE-2018-8279
MD5 | 8b8b33096fd8de5b5ebbe8619cff7a64
Microsoft Edge Chakra JIT ImplicitCallFlags Check Bypass
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl.

tags | exploit, bypass
advisories | CVE-2018-8288
MD5 | b06d81dae646fb997c8078d09c0343ba
Silver Peak EdgeConnect 8.1.4.9_65644 XSS / DoS / Disclosure / Traversal
Posted Aug 17, 2018
Authored by Denis Kolegov, Antony Nikolaev, Nikita Oleksov, Nikolay Tkachenko, Maxim Gorbunov, Sergey Gordeychick, Oleg Broslavsky

Silver Peak EdgeConnect version 8.1.4.9_65644 suffers from brute force, information leakage, cross site request forgery, cross site scripting, denial of service, default SNMP community string, and path traversal vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
MD5 | e4ddd8331675dc38b057e9a9e7378699
Debian Security Advisory 4276-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4276-1 - Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.

tags | advisory, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2017-14650, CVE-2017-9773, CVE-2017-9774
MD5 | 84275deef406d84c7f82d6c07a2ae031
Debian Security Advisory 4275-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4275-1 - Kristi Nikolla discovered an information leak in Keystone, the OpenStack identity service, if running in a federated setup.

tags | advisory
systems | linux, debian
advisories | CVE-2018-14432
MD5 | b73ad3ba28a8ac7ab9742f34153c033e
Debian Security Advisory 4274-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4274-1 - This update provides mitigations for the "L1 Terminal Fault" vulnerability affecting a range of Intel CPUs.

tags | advisory
systems | linux, debian
advisories | CVE-2018-3620, CVE-2018-3646
MD5 | b243cebc6d70476d0666dc109c93f67f
Debian Security Advisory 4273-1
Posted Aug 17, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4273-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a".

tags | advisory
systems | linux, debian
advisories | CVE-2018-3639, CVE-2018-3640
MD5 | 03ce223784ae024cf6f9ba3fb745df45
Ubuntu Security Notice USN-3658-3
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3658-3 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1125
MD5 | 6b6c8d103894f735743fdd753f031223
Red Hat Security Advisory 2018-2486-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2486-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-0718, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9598, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-6004, CVE-2017-7186, CVE-2017-7244, CVE-2017-7245, CVE-2017-7246, CVE-2018-0500
MD5 | 4ed8879f71a593f7de2299931bf8ea6f
Red Hat Security Advisory 2018-2482-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2482-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include a container breakout vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10892
MD5 | 85e32167fdb73c6fb9031c7af712a5e1
Red Hat Security Advisory 2018-2469-01
Posted Aug 17, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2469-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 4 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8014, CVE-2018-8019, CVE-2018-8020
MD5 | dbd3b2dc30c09f616dc6078a6fecc282
Ubuntu Security Notice USN-3743-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3743-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-12911, CVE-2018-4263, CVE-2018-4267, CVE-2018-4278
MD5 | 40cbebca101b1768a0afa00205ce7873
Ubuntu Security Notice USN-3744-1
Posted Aug 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10915, CVE-2018-10925
MD5 | af16db35ec128995a527666b5424b03e
ADM 3.1.2RHG1 Remote Code Execution
Posted Aug 17, 2018
Authored by Kyle Lovett, Matthew Fulton

ADM versions 3.1.2RHG1 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-11510
MD5 | f601e98d8d0aa371f90d21a4cd31268b
Mikrotik WinBox 6.42 Credential Disclosure
Posted Aug 17, 2018
Authored by Maxim Yefimenko

Mikrotik WinBox version 6.42 suffers from a credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | e016351c814e2b52d73794e816013898
CEWE Photoshow 6.3.4 Denial Of Service
Posted Aug 17, 2018
Authored by Gionathan Reale

CEWE Photoshow version 6.3.4 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 23efa637d7b8145b18b2911458663339
WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download
Posted Aug 17, 2018
Authored by IRaNHaCK Security Team

WordPress Dreamsmiths Themes version 0.0.1 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | 6e4265ce06a07de135930fa49f47a643
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close