Red Hat Security Advisory 2018-2949-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.
f241453ffa163d40dd81258a5862a82222959a75a2cbbe5df63dc0fa6673d22d
Red Hat Security Advisory 2018-2946-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. The RHOAR Eclipse Vert.x 3.5.4 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.3, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.4 release, see the release notes in the References section. Issues addressed include an API validation flaw and a problem where the WebSocket HTTP upgrade implementation holds the entire HTTP request in memory before the handshake.
e29c6150ae8d0030a070aada9327816802a5882ebb9954d037d9af034d62e61c
Red Hat Security Advisory 2018-2944-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.
fbd71887a969f803ba77744adb4f3767ff5ac3ced19975e9e474b78bfdce39c6
Red Hat Security Advisory 2018-2945-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Spring Boot 1.5.16 serves as a replacement for RHOAR Spring Boot 1.5.15, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include a denial of service vulnerability.
ddfaf8bb4cf6423bb14ed2a6d7fa6bb022af219eab477c44382342e63413890f
Ghostscript has an issue where callers of a procedure are not forced to be properly marked as executeonly or pseudo-operators, making it possible to take complete control of it.
c212335a3050997bb3269410331972bd215ee205ac25561281f6b950ad7bb670
The Linux BPF verifier has an issue where 32-bit RSH verification does not truncate input before the ALU op.
bd63997ae2acb84be7a1e8de8677be40bfb12f314579a9e60ee98b321c11a3a0
Linux suffers from a semi-arbitrary task stack read on ARM64 (and x86) via /proc/$pid/stack.
aa57cf6a492d7f45505fa3498cb8e656f5d02f443b0cde3a3cb505708affcfc3
Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.
d1c10f2bf9feaa3822d838795ee22e210b6fbe031a801f2821a9365aceb1fd14
OwnTicket version 1.0 suffers from a remote SQL injection vulnerability.
afa3c546224151b9410ddd099aab71dd6a14834b1ce39843fcfe35715af02555
PHP-SHOP Master version 1.0 suffers from a cross site request forgery vulnerability.
80961f981d7888a03c8cd1d09a5d4b075a376ca4f924e6c7a3fffb851015f9be
Learning with Texts version 1.6.2 suffers from a remote SQL injection vulnerability.
a0314965d94eec9350e5503bf1194f6ad12142e2625a0e4efd7e8098a87b09a9
Time and Expense Management System version 3.0 suffers from a remote SQL injection vulnerability.
b7ffe90d6d630f9253a034a6c2b51b585d964fb13fd9b391d729378585e987e0
This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.
1880caf0f905e87609ecf1274ed2d2e6c11686a539c829aafba22a373483437c
Zenar Content Management System version 8.3 suffers from a cross site request forgery vulnerability.
11b891dae78b89a0b0de8d65ae192050226dafd5b589b7fe2566a673e8dea795
User Management version 1.1 suffers from a cross site scripting vulnerability.
bd246ce3935fbc933764bdfa47bdf167d570a9c0f6d1c74bab395687327bafbd
Red Hat Security Advisory 2018-2942-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include improper access controls.
d1a8daa978552d839173b7222173bf9268ca5a14264ff855e1135931c5b994f8
Red Hat Security Advisory 2018-2943-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include improper access checks.
c21292dc76bd098bf315c666c0c295bef722f34ef0cd50adf37b94f4075f03ff
Red Hat Security Advisory 2018-2939-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Security fixes: jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries; spring-framework: Address partial fix for CVE-2018-1270. Issues addressed include bypass, code execution, denial of service, and traversal vulnerabilities.
df886e50a83354eaf0614cdf4bb930a04577e8f124f9e750b2d4ca2e9e06e04e
Ubuntu Security Notice 3796-2 - USN-3796-1 fixed a vulnerability in paramiko. This update provides the corresponding update for Ubuntu 12.04 ESM. Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
be9629570efc8591bd695beae9a55dc4cd8b3fc56250b3efb7ee5ab5d55cbdab
WordPress Wordfence plugin version 7.1.12 suffers from bypass, cross site scripting, and path disclosure vulnerabilities.
7bd9c300ee5c12f903f4a443c03eeac48af0e1085041a04c331ee74dccfda5db
Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities.
9541adf37d2c85c0b0f169e169c1066383eece8ec4a5884e9d841c8dbcc16ca5