what you don't know can hurt you
Showing 1 - 22 of 22 RSS Feed

Files Date: 2019-06-19

Ubuntu Security Notice USN-4022-1
Posted Jun 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4022-1 - It was discovered that gunicorn improperly handled certain input. An attacker could potentially use this issue execute a cross-site scripting attack.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2018-1000164
MD5 | 0db12f7d1c468f1bc9ef97ec3164eef3
Red Hat Security Advisory 2019-1553-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1553-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 75.0.3770.90. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-5842
MD5 | b02947342f1d4a954f3ee5192ec201cf
Ubuntu Security Notice USN-4024-1
Posted Jun 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4024-1 - As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally adjust the evince abstraction to disallow writes on parent directories of sensitive files.

tags | advisory
systems | linux, ubuntu
MD5 | 31b1bb15f2b2ba7916aa870f9b81d4ed
Ubuntu Security Notice USN-4019-2
Posted Jun 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4019-2 - USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-6153, CVE-2017-10989, CVE-2017-13685, CVE-2017-2518, CVE-2018-20346, CVE-2019-8457
MD5 | 0c2478cd3b3cdd3448b43ca9493fb9eb
Ubuntu Security Notice USN-4020-1
Posted Jun 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4020-1 - A type confusion bug was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-11707
MD5 | 76b4d5d9cbedc526395024c99cb24ee1
Ubuntu Security Notice USN-4021-1
Posted Jun 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4021-1 - Daniel P. Berrangé discovered that libvirt incorrectly handled socket permissions. A local attacker could possibly use this issue to access libvirt. It was discovered that libvirt incorrectly performed certain permission checks. A remote attacker could possibly use this issue to access the guest agent and cause a denial of service. This issue only affected Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-10132, CVE-2019-3886
MD5 | 86af14faf8c00a8bd9502479439a44ed
Ubuntu Security Notice USN-4019-1
Posted Jun 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4019-1 - It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6153, CVE-2017-10989, CVE-2017-13685, CVE-2017-2519, CVE-2018-20505, CVE-2018-20506, CVE-2019-8457, CVE-2019-9936, CVE-2019-9937
MD5 | 85de8fd111aa1b359244931eff4729a8
Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal
Posted Jun 19, 2019
Authored by mr_me, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability.

tags | exploit, java, remote, web, arbitrary, code execution
systems | cisco
advisories | CVE-2019-1821
MD5 | 6a669bb3bf795d44702236698b246f05
Cisco Prime Infrastructure Runrshell Privilege Escalation
Posted Jun 19, 2019
Authored by sinn3r, Pedro Ribeiro | Site metasploit.com

This Metasploit modules exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but can be abused to inject extra commands in the argument, allowing you to execute anything as root.

tags | exploit, shell, root
systems | cisco
MD5 | ae94bd035bf58e74d4a44904a3f67d25
Kernel Live Patch Security Notice LSN-0052-1
Posted Jun 19, 2019
Authored by Benjamin M. Romer

Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, overflow, kernel, tcp
systems | linux
advisories | CVE-2019-11477, CVE-2019-11478
MD5 | 12a0c55fcb16b10cd0ab60c500a5dbda
Ubuntu Security Notice USN-4018-1
Posted Jun 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4018-1 - It was discovered that Samba incorrectly handled certain RPC messages. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. It was discovered that Samba incorrectly handled LDAP pages searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-12435, CVE-2019-12436
MD5 | f21eb2f45ebd1a547004a901c331774b
Red Hat Security Advisory 2019-1545-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1545-01 - This release of Red Hat Fuse 7.3.1 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2016-2510, CVE-2017-15691, CVE-2017-5645, CVE-2018-11798, CVE-2018-3258
MD5 | 7cf5db665bf646e1bb8e0961655f278b
Red Hat Security Advisory 2019-1543-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-14404, CVE-2019-0211
MD5 | 014d05dc10107dd19f55f53e14cf431a
Red Hat Security Advisory 2019-1518-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1518-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2019-2602, CVE-2019-2684
MD5 | 5a76bd0aa1541ee42bdef3cc1ba8eb00
Red Hat Security Advisory 2019-1519-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1519-01 - The go-toolset:rhel8 module provides Go Toolset, a compiler toolset for building applications using the Go language and compiler suite. A CRLF injection vulnerability has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-9741
MD5 | be9c343c2c661d59d323e3014346c9cf
Red Hat Security Advisory 2019-1529-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1529-01 - The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. An open redirection vulnerability among other things have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-11784, CVE-2018-8014, CVE-2018-8034, CVE-2018-8037
MD5 | 98406d5ac4e158597c1aafddf0fee9fc
Red Hat Security Advisory 2019-1517-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1517-01 - GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol, Secure Shell File Transfer Protocol, Web Distributed Authoring and Versioning, Common Internet File System, Server Message Block, and other protocols. GVFS integrates with the GNOME I/O abstraction layer. A file access vulnerability has been addressed.

tags | advisory, remote, web, shell, local, protocol
systems | linux, redhat
advisories | CVE-2019-3827
MD5 | 44ff7086c4d65b921692f456eef85006
Red Hat Security Advisory 2019-1527-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1527-01 - The Windows Azure Linux Agent supports provisioning and running Linux virtual machines in the Microsoft Windows Azure cloud. A weak permissions issue was addressed.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2019-0804
MD5 | 1198e4999d63ce49032f564dbb35579e
Debian Security Advisory 4465-1
Posted Jun 19, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4465-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2019-10126, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11486, CVE-2019-11599, CVE-2019-11815, CVE-2019-11833, CVE-2019-11884, CVE-2019-3846, CVE-2019-5489, CVE-2019-9500, CVE-2019-9503
MD5 | a2e7d7ad8cd5265b8a90186bcd82ff4d
Red Hat Security Advisory 2019-1502-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1502-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. An input validation was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-6454
MD5 | 96e73e5fc8282d1ca61d8225e293c6d7
BlogEngine.NET 3.3.6 / 3.3.7 Theme Cookie Directory Traversal / Remote Code Execution
Posted Jun 19, 2019
Authored by Aaron Bishop

BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from theme Cookie directory traversal and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
advisories | CVE-2019-10720
MD5 | 888d7c169f3e6e9a215b1eceffb103b7
BlogEngine.NET 3.3.6 / 3.3.7 dirPath Directory Traversal / Remote Code Execution
Posted Jun 19, 2019
Authored by Aaron Bishop

BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from dirPath directory traversal and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
advisories | CVE-2019-10719
MD5 | f53272715e0e3639f8c26fa46102e350
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close