Ubuntu Security Notice 3747-2 - USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. Various other issues were also addressed.
d976d682847548950360e8367b23160b0e1b44e81d4c7d9b6c183d4bed90c5e5
oBike Electronic Lock suffers from an access control bypass vulnerability via a replay attack on a predictable nonce.
13df632e5c53843e23194156fe2d63616d6e5979d4123095f308d37fcc056c1b
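The entry above says only that the lock accepts a replayed unlock because its nonce is predictable. The following is an added example, not oBike's firmware or protocol: a challenge-response unlock whose nonce is a small wrapping counter (so the same challenge eventually recurs) beside one that uses a random single-use nonce, with an eavesdropper's replay run against each. The key, the one-byte counter width and the lock API are constructed for illustration.

```python
"""Added example, not oBike's firmware: a challenge-response unlock with a
predictable (wrapping counter) nonce versus a random single-use nonce, and
an eavesdropper's replay against each. Key, API and counter width are
constructed for illustration."""
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-key"  # shared by lock and authorised app (sample value)


def respond(key: bytes, nonce: bytes) -> bytes:
    """Authorised app proves key possession for the given challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class _ChallengeLock:
    """Common unlock logic: only the most recent challenge is valid and it is
    consumed by the first attempt, whether or not that attempt succeeds."""

    def __init__(self, key: bytes):
        self.key = key
        self._pending = None

    def unlock(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = respond(self.key, self._pending)
        self._pending = None
        return hmac.compare_digest(expected, response)


class CounterNonceLock(_ChallengeLock):
    """Hypothetical weak design: the nonce is a one-byte counter. After 256
    challenges the same nonce recurs, so a recorded response is valid again."""

    def __init__(self, key: bytes):
        super().__init__(key)
        self._counter = 0

    def challenge(self) -> bytes:
        self._pending = bytes([self._counter])
        self._counter = (self._counter + 1) % 256
        return self._pending


class RandomNonceLock(_ChallengeLock):
    """Fixed design: 128-bit nonce from a CSPRNG; a recorded response will
    not match any future challenge."""

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending


def replay_attack(lock, max_tries: int = 256) -> bool:
    """Eavesdropper records one legitimate exchange, then keeps requesting
    challenges until the lock reissues the recorded nonce and replays the
    captured response. Returns True if the replay unlocks."""
    nonce = lock.challenge()
    captured = respond(KEY, nonce)      # sent by the legitimate user, sniffed on the air
    if not lock.unlock(captured):
        raise RuntimeError("legitimate unlock should succeed")
    for _ in range(max_tries):
        if lock.challenge() == nonce:   # predictable nonce has wrapped around
            return lock.unlock(captured)
    return False                        # nonce never recurred; replay failed


if __name__ == "__main__":
    print("counter nonce, replay unlocks:", replay_attack(CounterNonceLock(KEY)))  # True
    print("random nonce, replay unlocks:", replay_attack(RandomNonceLock(KEY)))    # False
```

The attacker never needs the key: the captured response is the legitimate user's own, and the only question is whether the lock will ever issue the same challenge again. Unpredictability and single use of the nonce are both required; a random nonce that the lock accepted more than once would be just as replayable.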
Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.
cc36e32ff6b7ae17f07bc9e0331c469bc08d5e7f11e8832e9800e8f423a2219c
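An insecure direct object reference of the kind described above comes down to an endpoint that resolves a client-supplied id without checking that the caller is entitled to that object. The following is an added example, not Wisetail's code: a download handler with that defect, the same handler with an authorisation check, and the probe a tester runs to confirm the bug by requesting other users' ids as a low-privilege account. Course ids, users and purchase records are constructed.

```python
"""Added example, not Wisetail's code: a download endpoint that looks up a
course file by id but never checks entitlement (the IDOR), the same endpoint
with an authorisation check, and the probe a tester runs to confirm the bug.
Course ids, users and purchase records are constructed."""

# Constructed data: two courses, one purchased by alice, none by bob.
COURSES = {
    101: {"title": "Intro", "file": b"intro.pdf bytes", "quiz": "Q1: ..."},
    102: {"title": "Advanced", "file": b"advanced.pdf bytes", "quiz": "Q2: ..."},
}
PURCHASES = {"alice": {101}, "bob": set()}


def download_vulnerable(user: str, course_id: int) -> bytes:
    """Authenticates (user is known) but never authorises: the id supplied by
    the client is used directly, so changing it yields any course's file."""
    if user not in PURCHASES:
        raise PermissionError("not logged in")
    return COURSES[course_id]["file"]


def download_hardened(user: str, course_id: int) -> bytes:
    """Fix: the object id is only honoured if this user is entitled to it.
    Unknown and unowned ids are answered identically so ids cannot be enumerated."""
    if user not in PURCHASES:
        raise PermissionError("not logged in")
    if course_id not in COURSES or course_id not in PURCHASES[user]:
        raise PermissionError("not entitled")
    return COURSES[course_id]["file"]


def probe_idor(handler, user: str, ids) -> list:
    """Tester's check: request each id as a low-privilege user and report the
    ones returned even though the user holds no entitlement for them."""
    leaked = []
    for cid in ids:
        try:
            handler(user, cid)
        except (PermissionError, KeyError):
            continue
        if cid not in PURCHASES.get(user, set()):
            leaked.append(cid)
    return leaked


if __name__ == "__main__":
    print(probe_idor(download_vulnerable, "bob", range(100, 105)))  # [101, 102]
    print(probe_idor(download_hardened, "bob", range(100, 105)))    # []
```

The same check belongs on every endpoint that takes the id (file download, quiz retrieval, any export), since fixing the download path alone leaves the quiz path exposed.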
HiScout GRC Suite versions prior to 3.1.5 suffer from a file upload vulnerability. An authenticated attacker with the permission to edit or add a "WebSiteElement" to the "content" pages is able to upload any file with any file extension to the data directory of the application. This directory is in the web root and the uploaded file is executed on the server if ".aspx" is chosen as the file extension and if the file contains aspx source code. Any commands can be executed with the permissions of the web server user on the server by exploiting this vulnerability.
0b70d18c98e2aa3b7c8228963bae5c8015cb59571383b77778ec28287f564e35
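The entry above describes the classic shape of an upload-to-code-execution bug: the client chooses the file name and extension, the file lands in a directory the web server both serves and executes from, and an .aspx payload runs on the next request. The following is an added example, not HiScout's code: a handler with that pattern beside a hardened one that allow-lists the extension, checks the content signature, discards the client's name and stores the file outside the web root. Directory names, the allow-list and the sample payloads are constructed; a real ASP.NET handler is written differently, but the checks are the same.

```python
"""Added example, not HiScout's code: an upload handler that stores client-
named files in a web-served data directory (the pattern behind the .aspx
upload) beside a hardened version. Directory names and the allow-list are
constructed."""
import os
import secrets
import tempfile

# Constructed layout: a fake web root with a served "data" directory, and a
# separate store that the web server never serves from.
WEBROOT = os.path.realpath(tempfile.mkdtemp(prefix="webroot-"))
DATA_DIR = os.path.join(WEBROOT, "data")
STORE_DIR = os.path.realpath(tempfile.mkdtemp(prefix="store-"))
os.makedirs(DATA_DIR, exist_ok=True)

ALLOWED = {  # extension -> required leading bytes (content must match the claimed type)
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024
PNG_SAMPLE = ALLOWED["png"] + bytes(16)            # constructed, minimal PNG-looking blob
ASPX_SAMPLE = b'<%@ Page Language="C#" %><% Response.Write("x"); %>'  # constructed payload


def save_upload_vulnerable(filename: str, data: bytes) -> str:
    """Trusts the client's name and extension and writes under the web root.
    A 'shell.aspx' upload is then executed by the server on the next request."""
    path = os.path.join(DATA_DIR, filename)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def save_upload_hardened(filename: str, data: bytes) -> str:
    """Allow-list the extension, verify the content signature, discard the
    client's name, and store outside the web root."""
    if len(data) > MAX_BYTES:
        raise ValueError("upload too large")
    base = os.path.basename(filename.replace("\\", "/"))   # drop any path component
    ext = base.rsplit(".", 1)[1].lower() if "." in base else ""
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} not permitted")
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("content does not match declared type")
    stored = f"{secrets.token_hex(16)}.{ext}"               # server-chosen name
    path = os.path.join(STORE_DIR, stored)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def is_served(path: str) -> bool:
    """True if the stored file sits under the web root, i.e. reachable by URL."""
    return os.path.commonpath([WEBROOT, os.path.realpath(path)]) == WEBROOT


def attempt(handler, filename: str, data: bytes):
    """Run a handler and return the stored path, or None if it was rejected."""
    try:
        return handler(filename, data)
    except ValueError:
        return None


if __name__ == "__main__":
    print(attempt(save_upload_vulnerable, "shell.aspx", ASPX_SAMPLE))  # path under the web root
    print(attempt(save_upload_hardened, "shell.aspx", ASPX_SAMPLE))    # None
    print(attempt(save_upload_hardened, "photo.png", PNG_SAMPLE))      # path under STORE_DIR
```

Storing outside the web root is the control that survives a mistake in the other checks: even if an unexpected extension slipped through, nothing in the store directory is mapped to a URL, so the server cannot be asked to execute it. Serving the files back should go through a handler that streams by the server-chosen name with a fixed Content-Type.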
Sysdig falco is an open source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules, using a flexible syntax, to check for activities involving file and network activity, process execution, IPC, and much more, and notifies you when those rules are violated. You can think of falco as a mix of snort, ossec and strace.
eb2d5691b5848fe73c814bf14a56055ce9fa81837a6de53edcb56389b1288748
VBScan is a black box vBulletin vulnerability scanner written in Perl.
6995ea103a40716fe5735d47841063df1571c2d4e08080fa9bdb9b2f2b2a6dcf
Seagate Personal Cloud is a consumer-grade Network-Attached Storage (NAS) device. It was found that the web application used to manage the NAS is affected by various unauthenticated information disclosure vulnerabilities. The device is configured to trust any CORS origin and is reachable via the personalcloud.local domain name, so any website a user visits can read this information from the user's browser. While this information does not by itself allow an attacker to compromise the NAS, it can be used to stage more targeted attacks. This issue was tested on a Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0. The software is licensed from LACIE, so it is very likely that other devices and models are also affected.
561f2e8c233f719d62e19876ccec52841abe5ce3a473389348130435a20ce8bc
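What "trusts any CORS origin" means in practice is that the server echoes whatever Origin header the browser sent, so the browser lets the requesting page read the response. The following is an added example, not Seagate's firmware: the reflect-any-origin policy beside an allow-list policy, and the classifier a tester applies to a response to decide what a page on an attacker's origin can do with it. Hostnames are constructed apart from personalcloud.local, which the advisory names; the exact headers the device returns are not given on the page.

```python
"""Added example, not Seagate's firmware: a server that reflects any Origin
(the wide-open CORS policy described above) beside one that checks an
allow-list, and the classifier a tester applies to a response to decide
whether a cross-origin page can read it. Hostnames are constructed except
personalcloud.local, which the advisory names."""

NAS_ORIGINS = {"http://personalcloud.local", "https://personalcloud.local"}  # constructed allow-list

ANY_ORIGIN_NO_COOKIES = "readable by any origin, without cookies"
ATTACKER_WITH_COOKIES = "readable by attacker origin, with cookies"
ATTACKER_NO_COOKIES = "readable by attacker origin, without cookies"
BLOCKED = "blocked: browser withholds the response from the page"


def cors_reflect_any(request_origin):
    """Vulnerable: echoes whatever Origin the browser sent, so any page the
    user visits can read the NAS's unauthenticated JSON endpoints."""
    if request_origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_allowlist(request_origin, allowed=NAS_ORIGINS):
    """Fix: only known origins are granted, and Vary: Origin stops a cache
    from handing one origin's grant to a different origin."""
    if request_origin in allowed:
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {"Vary": "Origin"}


def classify(headers, attacker_origin):
    """What a page served from attacker_origin can do with this response.
    Note the request itself always reaches the server; CORS only decides
    whether the page may read the answer."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao == "*":
        return ANY_ORIGIN_NO_COOKIES  # browsers refuse to combine '*' with credentials
    if acao == attacker_origin:
        return ATTACKER_WITH_COOKIES if creds else ATTACKER_NO_COOKIES
    return BLOCKED


def probe(policy, attacker_origin="https://evil.example"):
    """Tester's check: send the attacker's Origin and classify the reply."""
    return classify(policy(attacker_origin), attacker_origin)


if __name__ == "__main__":
    print("reflect-any:", probe(cors_reflect_any))  # readable by attacker origin, with cookies
    print("allow-list: ", probe(cors_allowlist))    # blocked
```

For endpoints that need no authentication, as in this advisory, even the "without cookies" verdicts matter: the attacker's page can fetch them through the victim's browser, which is what makes a LAN-only device reachable from the internet.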
Tor Browser versions prior to 8.0 are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.
5b1b6551f82ae1b8033ae157a5420a8e86e2df791a77602af401e147b60ad490
Red Hat Security Advisory 2018-2701-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
7ce886979afd2a4270a66385a1f97a6ac5310a6522d99ed7cff563b84b9e3541
FreeBSD Security Advisory - Insufficient validation was performed in the ELF header parser, and malformed or otherwise invalid ELF binaries were not rejected as they should be. Execution of a malicious ELF binary may result in a kernel crash or may disclose kernel memory.
42a2b3589a9c3b226fa7bfec84d4bf9ef2e34c4d0777d0e1da333fc52d5d9ecb
Linux suffers from an arbitrary kernel read into dmesg via a missing address check in the segfault handler.
d3543609cf07f5bc3c6ff63fec8e66a77587ae2ca18d384c4afa15317c5fc42f
There are a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889, which is used by the "garcon" service. garcon uses gRPC, an RPC protocol that sends protobufs over plaintext HTTP/2. (Other system components communicate with the VM over gRPC-over-vsock, but garcon uses gRPC-over-TCP.) For some command types the TCP connection is initiated by the host; for others it is initiated by the guest. Both guest and host listen on [::]:8889. The host's iptables rules prevent an outside host from simply connecting to those sockets, but apps running on the host are not subject to those restrictions.
9263536fa5f7e9451ac5165732e05e723c9b21083c0ec421bcbc98dfed2d7d49
Bayanno Hospital Management System version 4.0 suffers from a cross site scripting vulnerability.
d4f93fd6dfa9149d8e072789c883eebff608134fac840fec58a8ba5e3c0e8b1d
CirCarLife SCADA version 4.3.0 suffers from a credential disclosure vulnerability.
46627de7d762e475e35a663882dc966b35de840cbbba11f66704ee9905ab6e13
This Microsoft bulletin summary holds additional information regarding Microsoft security advisory ADV180002.
42af11a0825d69c66ad1ebe75ca516f25ca353f3a59c4856d696c6d617b31bc0
This Microsoft bulletin summary holds CVE updates for CVE-2018-8154.
765914132566857b5ee32d4e667887b33c5aeda536dcc96d38a280cfa3599929
Red Hat Security Advisory 2018-2700-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 5 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
0a9203311ab1c2f727860661fb96fed9f116236f730505d48439f3dfa77a914a
Red Hat Security Advisory 2018-2693-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
1e04af099ec5b0ac812f19c6bbb4cd7f350c77e28130f9b45dec464590936e91
Rubedo CMS version 3.4.0 suffers from a directory traversal vulnerability.
638b967881d9edbdc2a4c81f93ad9e4ebeab01becb4c6dc79867735b3fc7928b
Ubuntu Security Notice 3764-1 - It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. Separately, Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code.
89ba063df98e23a09aa7ae98398a759961e064ec95db0c10e5c0223142e0b938
Red Hat Security Advisory 2018-2692-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.
fac145b33805b88f759116e14c017487440f2d4989803aab2b35ca2d2f96fceb
Red Hat Security Advisory 2018-2684-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses several security vulnerabilities is now available. The updated version of the runtime is 2.1.4. The updated version of the SDK is 2.1.402. These versions correspond to the September 2018 security release by .NET Core upstream projects.
094ce7a6246a97103a35b9e51ff52c6828a0a35bfca61c0f670205f2baec77c7
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
ff2e163a1633e4fdc90cd4324c9040bd6065bea7acb9ef34b21a0b2feb7011f7
Debian Linux Security Advisory 4292-1 - Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.
f1512c8c5771d2687946690c4f61e648f7fcaee6872e5e094733605bc5d7f94e