Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for the distribution, indexing and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools available in the community and take advantage of them in a multiuser way.
a2252c4bee6922e2499c15e2c1df90ffaa7fffa31092e81f7092dc64be6912f1
Qualys discovered a remote command execution vulnerability in Exim versions 4.87 to 4.91.
ccf81b809451dabd0ae35b330095955b9998319116314052fc75a06a7dd5e3e8
Debian Linux Security Advisory 4454-2 - Vincent Tondellier reported that the qemu update issued as DSA 4454-1 did not correctly backport the support to define the md-clear bit to allow mitigation of the MDS vulnerabilities. Updated qemu packages are now available to correct this issue.
8d3dce67654d724c57e2413fe5a1f9af78dbde8f6502f95c7fe80ce472fe164b
Gentoo Linux Security Advisory 201906-1 - A vulnerability in Exim could allow a remote attacker to execute arbitrary commands. Versions less than 4.92 are affected.
a3da7ce79662c13585cde53abd610ea317462f97afc3099957d04af79577eaa6
Red Hat Security Advisory 2019-1400-01 - The AMQ Client enables connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol.
7104802c061cb0b00d8eb2a6989436b45b655351b52a06d23b37692da3e11064
Red Hat Security Advisory 2019-1399-01 - The AMQ Client enables connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 7.
f87378679ce5d5721468c329ea38e89d801d8e18118a4933792778f294b0bb84
Red Hat Security Advisory 2019-1398-01 - The AMQ Client enables connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 7.
86ba6e27befdc014db770f1d5e106f016df8c7cfd540dee6a7050ae4999321da
Ubuntu Security Notice 4011-2 - USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. Various other issues were also addressed.
16cfaa3e64480ac0a258651131028577af813ae90b7648d6be5ddd582e0f8829
Ubuntu Security Notice 4011-1 - Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox.
c913444dd32ed30587f5aab7e3218a0c7705b9d44a792724c1fde4c345788ea3
Supra Smart Cloud TV suffers from an openLiveURL() remote file inclusion vulnerability.
36d9b0b5cd1b087e4e8ad3e10950200b370a681e06ac888c6f0a7087cf752c68
Ubuntu Security Notice 4008-3 - USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Swiecki discovered that the Linux kernel did not properly apply Address Space Layout Randomization in some situations for setuid ELF binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid ELF binary. Various other issues were also addressed.
aa4cc845dcf7f973e16414a993cbab9ad894d59053308b8791cfaee4cab3ec45
Ubuntu Security Notice 3991-2 - USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. Multiple security issues were discovered in Firefox.
fce0fd5359a0610ee51b72fd465faebffffb5cd18c3aad0415bf99f701eb6fea