Ubuntu Security Notice 3850-1 - Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. Various other issues were also addressed.
33dfd212dff4b39a5b8a3ffb081d43f4f2201ce71c47312b15edcf37961cf627This is a thorough analysis of how Qualys approached exploiting three vulnerabilities in systemd-journald. Although they have not released formal exploits yet, they detail in here is useful in understanding the flaws.
19a689d664d755e0625285bb3e35b7cb5791449a424da89709b8ef0bf6fdcb91THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
ac3570564999e55c8e8d7aea8b67c398a3b7059f6d03235ab851af9497c38e68ZTE MF65 BD_HDV6MF65V1.0.0B05 suffers from a cross site scripting vulnerability.
a1f4305ed80b1edad0ddf850cf89f3031a689bfb87af746b3f5f87da6a50f8afAmpache version 3.8.6 suffers from multiple cross site scripting vulnerabilities.
0df6202d2e2ba7b2b3a388c00adfd7cc731f5b2afe54c067226bae1ab49cf904BlogEngine version 3.3 suffers from an XML external entity injection vulnerability.
81c346a488af94a4a6e50a7ba4ba5ee7fc1f737b31b6ae0ecbd0220b1a149de6OrangeForum version 1.4.0 suffers from open redirection vulnerabilities.
52a54e8dac487a6ef87bc3446a9760fe33265a5c204260d27a24499f6d1144b7Red Hat Security Advisory 2019-0040-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1. Issues addressed include a denial of service vulnerability.
60dc7ea683aed6ff8f8819789e86b7deaa6ab6d423b8691994f39f1071023fc7Debian Linux Security Advisory 4364-1 - It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.
fbbb51e620d1c0eb3b989fd23a9cffa84aeaadf79ae04a75f02355665e687999WordPress User Registration plugin version 1.5.3 suffers from a cross site scripting vulnerability.
3309833067b6b1a7338dcfae2aaeec5cc34d8bd17c8a20fdb77f6ebcc85a9ba8Angry Polar Bear is a Microsoft Windows error reporting privilege escalation exploit.
6ba1825663dc4af4d5138e171b80cce360a1ec36f1429feee694aefc93ee3e1bHeatmiser Wifi Thermostat version 1.7 suffers from a cross site request forgery vulnerability.
5c0a3afcac35f1c064c628c8b72b11b9a1f6642d72f3ec2af2e154d0b3a4c717Various web design firms such as EstudioNeoFilms, Grupo LosGrobo, IdeaSeven, Informatica Icarus Diteh, and Netical24 all have produced sites that are susceptible to SQL injection vulnerabilities.
8a24a48061ed53679c9fcdf369ebc64c50e199f5ef7a6a1492a2fce505973ce0Google Chrome V8 JavaScript Engine version 71.0.3578.98 suffers from a denial of service vulnerability.
7781839e4640b9828af8bca354d5f2ff391d8d4eb54a5a33da6fbde72bcc0dc5A vulnerability in Microsoft SharePoint Server could allow a remote attacker to make the server unavailable. The vulnerability is a result of the dependency SharePoint has in Microsoft.Data.OData library which was vulnerable to remote DOS.
ce47058025f34b12c16191be810750851781cf4964d5249ddcd7414cb84b5b2dWifi-soft Unibox Controllers versions 0.x through 0.2 suffer from code execution and command injection vulnerabilities.
36f5d2b153128e27aabad7c25baee2bcb915f00a7492e1146d3c7d27e1c7dd0dMDwiki versions prior to 0.6.2 suffer from a cross site scripting vulnerability.
c05cfb7d7709a95e18157203ac396954bbd15aeca5d3482be2b4066a920700c0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed