Red Hat Security Advisory 2019-1268-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include wrong permissions in systemd admin-sock due to a missing SocketMode parameter.
c7f0d660142b57ece86ba530c3d999faRed Hat Security Advisory 2019-1269-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
425d5423e580dbfd5416ae1a3c86ff5cRed Hat Security Advisory 2019-1264-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include wrong permissions in systemd admin-sock due to a missing SocketMode parameter.
4c0f215935c8811f8ae661e6936de997Red Hat Security Advisory 2019-1267-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
e73ac7e2d27531b4bb229fecc5310833Red Hat Security Advisory 2019-1265-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
665a4248296acddccf6877f808db5ba8Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
e344675283d6329a4bc213b621d7f46aGRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
87a3550dd2e53c167e769f14e87dd007Quest KACE Systems Management Appliance versions 9.0 and below suffer from a cross site scripting vulnerability.
6e4257cec5ce63b2a13ee85f7cc0f5b9Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Bitbucket Data Center. Bitbucket Server versions without a Data Center license are not vulnerable to this vulnerability. Versions of Bitbucket Server starting with 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.13.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) are affected by this vulnerability.
657e273aa3e0e9c381f5de0e31630a90Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
7de7e6dc7a9b1db2e5d3c236a0dab575Debian Linux Security Advisory 4449-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
22da8d2aeb5c71c9d95d9a6968d0cb4dUbuntu Security Notice 3977-2 - USN-3977-1 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
297ce249a55bb6a9f1b348e0dfd86bc7Opencart versions 3.0.3.2 and below extension/feed/google_base remote denial of service proof of concept exploit.
8f7d02198514d6db4dfef8e0e72e0139Security issues have been found in the Anviz M3 RFID Access Control device when working in standalone mode connected to a TCP/IP network that could lead to access control bypass and private information leakage and alteration.
d287a6a5ec4c66808bc02415ae2ea2e4Nagios XI version 5.6.1 suffers from a remote SQL injection vulnerability.
6a81223d724b2e54b0d9646abba4f855Proof of concept exploit for an elevation of privilege vulnerability that exists in Windows when the Win32k component fails to properly handle objects in memory.
91e99823c59717f23a26ea09901bf4fbInterspire Email Marketer version 6.20 suffers from a remote code execution vulnerability in surveys_submit.php.
b195e66a0ac9e8901e18bb374e2f4d7aInternet Explorer 11 exploit that allows attackers to execute JavaScript with higher system access than is normally permitted by the browser sandbox.
935c249a0cf1e2fa49afb683f0e4aa80Angry Polar Bear 2 is a Microsoft Windows error reporting privilege escalation exploit.
e2a7c2229624d5b912617778c52d6a08NetAware version 1.20 Share Name and Add Block denial of service proof of concept exploits.
a38547dd80a67a5d5a0b40a2186404d3WordPress Tigin theme version 1.0.5 suffers from an open redirection vulnerability.
0fec1a909100ac7db30532316b491f05WordPress Xunjin theme version 4.6 suffers from an open redirection vulnerability.
e45743269242f64043bc0c9a8fa8c2b4WordPress Divi-Child theme version 1.0 suffers from an open redirection vulnerability.
9a984ef85d6284ff498080d2c37f6099WordPress Howsci theme version 1.8 suffers from an open redirection vulnerability.
89ca9eeada2e95e2e61bc601d84407b0WordPress Antena_Ri Institute theme version 2.0 suffers from an open redirection vulnerability.
561e2e314ba4ff379bfa92174e10714c
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed