VMware Security Advisory 2018-0029 - vSphere Data Protection (VDP) updates address multiple security issues.
aacb4dd9106cc15bfa2907b119b7dd2200b2ee1142ba0840d5ada8a616b19feaThe 15th CarolinaCon will be hosted in Charlotte at the Renaissance Charlotte Suites April 26th through the 28th in 2019.
e03558c7fde29e8024e19e5ad9431825afdf3cb6342d6760a24a89515bbf78cbRichfaces version 3.x suffers from a remote code execution vulnerability.
5dfbb32d43674a8fbcf00a8b17109c6edc2aa21bc7c6922d64c36ba5c89fcce7Debian Linux Security Advisory 4341-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.37.
6012d6608a8e39d63c4780f2f51b5e411e53300f77e36d5d48c2b03f21fd8505Red Hat Security Advisory 2018-2908-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.51. Issues addressed include a crash vulnerability.
25b280602b240ceeef62c7dae530b2f48bab0276848c0915c3be3852168acec8The 26th ACM Conference on Computer and Communications Security will take place in London, UK, November 11th through the 15th, 2019. The Conference on Computer and Communications Security (CCS) seeks submissions presenting novel contributions related to all real-world aspects of computer security and privacy. Theoretical papers must make a convincing case for the relevance of their results to practice. Authors are encouraged to write the abstract and introduction of their paper in a way that makes the results accessible and compelling to a general computer-security researcher. In particular, authors should bear in mind that anyone on the program committee may be asked to give an opinion about any paper.
93cbddcc9c0541fe52d6729e094adee59128be4ab071d1d3bae6c3ae9887ad3bZoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API.
4f3c08804393e70f710c96815caa8549c3dc5e71017eeb4012d2c44a6bb278d1Debian Linux Security Advisory 4340-1 - An out-of-bounds bounds memory access issue was discovered in chromium's v8 javascript library by cloudfuzzer.
3ead61ae2113a5574f5818ccb7a00c49dbd911e5317b2b6ffca4c438cd77e3c1ELBA5 Network Installation versions prior to 5.8.1 suffer from a remote code execution vulnerability.
2f87672da6e269f7bb6d0be7c8df2890794563b177a0b3ec39152e33c0cfe1e7Microsoft Windows 10 1803 and 1809 have an issue with unnamed kernel object creation. It's possible to default the security descriptor owner or mandatory label to the value from an Identification level impersonation token leading to elevation of privilege.
fb9584f4d9fbcd0538fdc2a5adb39ca01034b95d7ea2db9584cbde35e0f112aeMicrosoft Windows 10 1803 suffers from a DfMarshal unsafe unmarshaling elevation of privilege vulnerability.
f3d8b80ceebd239ef1a439cec5530651178de5ea0d7a4a0abe71c74e48185b64macOS version 10.13 workq_kernreturn denial of service proof of concept exploit.
c0d719627a62bd9c9a802343bdd5548be3f38127a565a13b3f7be80e85fae7caImageMagick versions prior to 7.0.8-9 suffers from a memory leak vulnerability.
0c129a7d0e1c74e1dec309a8b8bd9775dfd645ba0275f583fdec9c5ac60f5392Ticketly version 1.0 suffers from a cross site request forgery vulnerability.
735484e28b65b8a20cedc6bbdcd7daaeb7b21e1f2b3e42deede05f8211ad32b9Ubuntu Security Notice 3816-2 - USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. Jann Horn discovered a race condition in chown_one. A local attacker could potentially exploit this by setting arbitrary permissions on certain files to obtain root privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that systemd-tmpfiles mishandled symlinks in non-terminal path components. A local attacker could potentially exploit this by gaining ownership of certain files to obtain root privileges. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.
eb71de28a7d0a6a7812f411191e7266a1699b349c54bd396dd6e5120e7f392c4Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint windows client version 2.9.2.4 and myPrint android client version 2.2.7 are both affected.
ecf580b9a434a73107f0ba5a72c008e086a0dd48d9c43c99626d47b2773c9b0d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed