Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
bd9b00fb4fc255566d4d8a8b52eb4977b4e8b49b37710d166cba75e6a93a504aStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
00c9aff3d788a3959003b738379817fa8e6213184c3d8e56f7164415d7d74decGnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
496c3e123ef53f35436ddccca58e82acaa901ca4e21174e77386c0cea0c49cd9There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not crash on a Mac.
b654a42ccec58f4aa8867fe675b6574d58dc4650d28d211847ba1d2a5837e8e6There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer.
1bd312f7b4a101fec53ac225a7f3d6e0201421a8aa365cfae0b3c2da6c90a236FaceTime suffers from a stack corruption vulnerability in readSPSandGetDecoderParams.
928e14bf951e6370a242b3da65a0b6ef51852753ddfde59fb41281e9301ce912Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account.
22a16815587703eaaa022a8f7fc66731fbd250580052e1ef2522bcc959b5b6ffRed Hat Security Advisory 2018-3518-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
ac8bf2c688d4777e473c034aebe746ff9c216a93cdc11d6723447e51a35e58bbRed Hat Security Advisory 2018-3517-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
663f8e8218e5c255e7ccfa37e54ee2894185be388adca7b633fb7e7bf7035c9bUbuntu Security Notice 3810-1 - Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication.
9d0b1290d87215ead4fe934d8e6256746a4a008c4668e91737abb620b59d4246Ubuntu Security Notice 3811-1 - It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
d0467b2ffe47f0944194ff341be74533254817bca4bb0b5301521db17221392dRed Hat Security Advisory 2018-3514-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a stack overflow vulnerability.
e598702dc1ff47a58d43c5085110485bf0c6299e5bb441cbb2032f0edda4397fUbuntu Security Notice 3786-2 - USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
c9f93a0f0c6e71f2c9acb5fee198c495a079086e7bd69efb91fd46483f004b52Red Hat Security Advisory 2018-3506-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a stack overflow vulnerability.
133145a8b73902fe6bac8626ca7a6a8139ae2fadfe1e06c833cd421912c25533Red Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.
5a18fce8ca273b8a62b85b1a2bf4e5b4df4fb5583a3543625bcc53528045ab49Red Hat Security Advisory 2018-3507-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.
647ab57975ee860adb3a984eff220430645b35f09dffa6f54c7c9bb5a1827a2eRed Hat Security Advisory 2018-3459-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
d9ed013caefaafa615d8575f93905b3db590cc43ed285904b04b65724c310165Ubuntu Security Notice 3809-1 - Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
a84cfe92dbfe11614adbc141355e26a2d23aae9a63b987c3e12f8f9574c9b486Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
d9d685d7f6197622d189da055fee168719c18d396fef56c9aab02f4028df8541Ubuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
dc2d5b3f5be433cc29a21366af2eda8167a7638d8db5ae80699233902daf3800Blue Server version 1.1 suffers from a denial of service vulnerability.
084e5ec574c44c7af13413ab6b18462da5b707cc9608367b75a098efff95af40Grocery Crud version 1.6.1 suffers from a remote SQL injection vulnerability.
59f4e1ea80048501eab05bd6d1694bcb3ca944badb1b27b0460879f7c7eca73fOOP CMS BLOG version 1.0 suffers from a cross site request forgery vulnerability.
4e1848a477c2e6d8a9e67f94ff50331fa96a6d2c0589350a256477da2e3265efCradlepoint routers suffer from password disclosure, weak password storage, and privilege escalation vulnerabilities.
a838dee0da90b1c1bb280f7845c47453eb4ea825ff09116b290a0fa474ccab1dThis Microsoft advisory notification includes advisories released or updated on November 6, 2018.
e88740d9c7fdb8ca4a2e5d23cb938633fc64fce00eb8bbb6b5aa1ec73f78a4a9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed