Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
ef5fe0ea7ec7b94829897dfc0999857fStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
e35d90beedc1aa42060c455467799ab7GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
e23a896d634e8b81681314780f5158a4There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not crash on a Mac.
e1efd0319dcc1218c75d95f35d08574bThere is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer.
98ed8bf1539b036052ee59ec0d5239fdFaceTime suffers from a stack corruption vulnerability in readSPSandGetDecoderParams.
17c8ace8d98479a7e023a22b0a94235cDell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account.
9296a80d1fafbfc2dd325ed3e1388fceRed Hat Security Advisory 2018-3518-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
35c9c612e4336ae11c1cd24410f6f816Red Hat Security Advisory 2018-3517-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
02f8174afa222a00c5a275aaaff8aa54Ubuntu Security Notice 3810-1 - Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication.
bea0355887912e2020914ed77fd7dedfUbuntu Security Notice 3811-1 - It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that SpamAssassin incorrectly handled meta rule syntax. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
7fcbfde9589d7977e424e44fe80a9ea7Red Hat Security Advisory 2018-3514-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a stack overflow vulnerability.
c95e08fde277c8157ae54b83d2871475Ubuntu Security Notice 3786-2 - USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
f69ed867096c658c6b1c088943632808Red Hat Security Advisory 2018-3506-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a stack overflow vulnerability.
290222918e1fb09ebb500ea31531084dRed Hat Security Advisory 2018-3505-01 - Red Hat Ansible Tower 3.3.1 is now available and contains a large amount of security fixes.
b7af30db27ef5f7b266ad41827d5a000Red Hat Security Advisory 2018-3507-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.
af41ce9ebede880a01bb8822db4239b0Red Hat Security Advisory 2018-3459-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
3212d1c2d4198ef25ca413faab3789ddUbuntu Security Notice 3809-1 - Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
2475ee67475aa1d9b41d74d41231f44eSlackware Security Advisory - New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
f613205e96a7af8657f177ac749d6c32Ubuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
40861160d83fcf2ea2b6534d3fc4fe66Blue Server version 1.1 suffers from a denial of service vulnerability.
f6ca8ccd7b94e85d7f38833158c22e28Grocery Crud version 1.6.1 suffers from a remote SQL injection vulnerability.
3e2d4a995a8a5d0d16a266b8c6e76be1OOP CMS BLOG version 1.0 suffers from a cross site request forgery vulnerability.
8fe00a1538650122bf9dc9552168ba0bCradlepoint routers suffer from password disclosure, weak password storage, and privilege escalation vulnerabilities.
04fdbf01a4b6b3dd328c299c5da76d7eThis Microsoft advisory notification includes advisories released or updated on November 6, 2018.
9bb4231285cec910f5c94126f01e658a
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed