Showing 1 - 25 of 79

Files Date: 2019-08-06

Mandos Encrypted File System Unattended Reboot Utility 1.8.7
Posted Aug 6, 2019
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: The client is now always compiled with LFS (Large File Support) enabled. In the server, a man page has been improved.
tags | tool, remote, root
systems | linux, unix
MD5 | 708b91f4a26f055ca2063c2aaee58a6f
Chrome blink::PresentationAvailabilityState::UpdateAvailability Heap Use-After-Free
Posted Aug 6, 2019
Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free condition in blink::PresentationAvailabilityState::UpdateAvailability.

tags | exploit
MD5 | 10b023c0de6d6dc1fd2061aec8927a97
FreeBSD Security Advisory - FreeBSD-SA-19:21.bhyve
Posted Aug 6, 2019
Authored by Reno Robert | Site security.freebsd.org

FreeBSD Security Advisory - The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When TCP segmentation offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to determine the size of the on-stack buffer without validation. The subsequent header generation could overflow an incorrectly sized buffer or indirect a pointer composed of stack garbage. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.

tags | advisory, overflow, tcp
systems | freebsd
advisories | CVE-2019-5609
MD5 | 26840b488f085103047559c3820eb233
FreeBSD Security Advisory - FreeBSD-SA-19:20.bsnmp
Posted Aug 6, 2019
Authored by Guido Vranken | Site security.freebsd.org

FreeBSD Security Advisory - A function extracting the length from type-length-value encoding is not properly validating the submitted length. A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.

tags | advisory, remote, denial of service
systems | freebsd, bsd
advisories | CVE-2019-5610
MD5 | 6ef4969cfc02cf46cf589e659797306b
FreeBSD Security Advisory - FreeBSD-SA-19:19.mldv2
Posted Aug 6, 2019
Authored by CJD of Apple | Site security.freebsd.org

FreeBSD Security Advisory - The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

tags | advisory, remote, kernel
systems | freebsd
advisories | CVE-2019-5608
MD5 | 3dc4e82e186f7e320d7d6c4dfbf5493c
FreeBSD Security Advisory - FreeBSD-SA-19:18.bzip2
Posted Aug 6, 2019
Site security.freebsd.org

FreeBSD Security Advisory - The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these bugs. The bzip2recover bug may cause a crash, permitting a denial-of-service. The bzip2 decompressor bug could potentially be exploited to execute arbitrary code. Note that some utilities, including the tar(1) archiver and the bspatch(1) binary patching utility (used in portsnap(8) and freebsd-update(8)) decompress bzip2(1)-compressed data internally; system administrators should assume that their systems will at some point decompress bzip2(1)-compressed data even if they never explicitly invoke the bunzip2(1) utility.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2016-3189, CVE-2019-12900
MD5 | 76087cf6669372fbf8909cd8f5d7ed6d
Ubuntu Security Notice USN-4087-1
Posted Aug 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4087-1 - It was discovered that Burrows-Wheeler Aligner mishandled certain crafted .alt files. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-10269
MD5 | 4405d282bde1cb380a615aae03593dac
Ubuntu Security Notice USN-4086-1
Posted Aug 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4086-1 - It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target's filesystem.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-3902
MD5 | 229dedb36ae397d0831e6fcd1828c176
Red Hat Security Advisory 2019-2053-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2053-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, code execution, denial of service, and null pointer vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2016-3186, CVE-2018-10779, CVE-2018-10963, CVE-2018-12900, CVE-2018-17100, CVE-2018-17101, CVE-2018-18557, CVE-2018-18661, CVE-2018-7456, CVE-2018-8905
MD5 | 4c0aa03c9fdb09907dd7d5a529e5b7dd
Red Hat Security Advisory 2019-2101-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2101-01 - The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments. Issues addressed include denial of service, heap overflow, and null pointer vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2017-17724, CVE-2018-10772, CVE-2018-10958, CVE-2018-10998, CVE-2018-11037, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-17282, CVE-2018-17581, CVE-2018-18915, CVE-2018-19107, CVE-2018-19108, CVE-2018-19535, CVE-2018-19607, CVE-2018-20096, CVE-2018-20097, CVE-2018-20098, CVE-2018-20099, CVE-2018-8976, CVE-2018-8977, CVE-2018-9305
MD5 | b48a8fb599269fd3b4f89cae92e38d67
Red Hat Security Advisory 2019-2078-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2078-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2019-9824
MD5 | fb632dfb54b94ad96afd89dbde196961
Red Hat Security Advisory 2019-2281-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2281-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-11645
MD5 | 96c0b71eb15953cbbd4c5a58ce4a80ea
Red Hat Security Advisory 2019-2166-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2166-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. An out-of-bounds access vulnerability was addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-17963, CVE-2019-6501
MD5 | 51f7702450ffae0307e4c45847725f58
Red Hat Security Advisory 2019-2130-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2130-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-16858
MD5 | 6efc9935bdfd1a055ba1e34b6c402b0b
Red Hat Security Advisory 2019-2308-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2308-01 - The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine disk images. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat, windows
advisories | CVE-2019-9755
MD5 | 8b1f0b2bc530e9bb97d5fa7ef2412f8d
Red Hat Security Advisory 2019-2060-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2060-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2019-6470
MD5 | 6df6debc8ebc18232b86e9e58520cc63
Red Hat Security Advisory 2019-2169-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2169-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. An insufficient validation vulnerability was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-5383
MD5 | 94f6dc2dd86b96bbcd54254f9979aed8
Red Hat Security Advisory 2019-2110-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2110-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, tcp
systems | linux, redhat
advisories | CVE-2018-16881
MD5 | 57b8b6292d978091bce5375e11953451
Red Hat Security Advisory 2019-2112-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2112-01 - mod_auth_openidc enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-6059, CVE-2017-6413
MD5 | e35d8b53150fc787e9884194a094b189
Red Hat Security Advisory 2019-2057-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2057-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2018-5741
MD5 | 27315d8659bfc94427a0b68e35815455
Red Hat Security Advisory 2019-2332-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2332-01 - AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files. Issues addressed include denial of service and null pointer vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2019-8379, CVE-2019-8383
MD5 | 5783402b7a3aae9daa342c51a880de64
Red Hat Security Advisory 2019-2022-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2022-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince or Okular. Issues addressed include buffer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149, CVE-2018-20481, CVE-2018-20650, CVE-2018-20662, CVE-2019-7310, CVE-2019-9200, CVE-2019-9631
MD5 | c12b432c8ed9fcf1f0ae12201266f499
Red Hat Security Advisory 2019-2290-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2290-01 - The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Issues addressed include a null pointer vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-20532, CVE-2018-20533, CVE-2018-20534
MD5 | ebc13656be7e51a7f638aa6d413f0172
Red Hat Security Advisory 2019-2097-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2097-01 - The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Issues addressed include a traversal vulnerability.

tags | advisory, perl
systems | linux, redhat
advisories | CVE-2018-12015
MD5 | 0bdc642b7fdc1454e881cb9d1b1a1110
Red Hat Security Advisory 2019-2043-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2043-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-10853, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14625, CVE-2018-14734, CVE-2018-15594, CVE-2018-16658, CVE-2018-16885, CVE-2018-18281, CVE-2018-7755, CVE-2018-8087, CVE-2018-9363, CVE-2018-9516, CVE-2018-9517, CVE-2019-11599, CVE-2019-11810, CVE-2019-11833, CVE-2019-3459, CVE-2019-3460, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222
MD5 | 396c021234e85bd85be4ed53ce333c58