Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
a47a9cdcef0ea14d5f70c390ab266f0333063ff96f3869a5f1609581a1d1ceb7
Ubuntu Security Notice 4110-4 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
ba5b903c212775a3900d1f88e72486fb256e8202fa117e10525eaf3cbcd9a736
It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities have also been addressed.
3bf6f3467455c33428751c5faf437aa7d6c64fe01342c90cc65e1d94808e2336
Ubuntu Security Notice 4110-3 - USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
ea497bd34cac8fb3ea8df64d24c03b963f18392532a993273d189149c06c84cc
Red Hat Security Advisory 2019-2579-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A crash issue was addressed.
b7da198c2a2efed0d3ca88cd075ea9eba23338a7a304cf7bd020c4f906c05729
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
30482b56becb6135ed4b74bd4715906774f7c3f3302753985a5fde363f0cc713
Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data suffer from default password, authentication bypass, and command injection vulnerabilities.
38e7a01258bfec09b0882ac7dbf7cd123357ef8737f810d17b3e0ebf1d0c844e
Red Hat Security Advisory 2019-2548-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.
4345dc1d608a0488b324d4434e2cfb1c27a4314f6530857a03a16fd149420252
Red Hat Security Advisory 2019-2571-01 - Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Issues addressed include a buffer overflow vulnerability.
0faa131337ca5e32a57d48ec0ac89a3416c733ab208d593f8a65826cae68d0b0
Red Hat Security Advisory 2019-2577-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. A crash issue has been addressed.
e60f27e303aab7b3ce7bce56331be0d0c4fd9b703ea70eac7cdcd0d653aeeba9
Ubuntu Security Notice 4110-2 - USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
304d734f8346c73e85ea728a6b76429713959e68248569d54ebbdad82c84f68c
Debian Linux Security Advisory 4510-1 - Nick Roessler and Rafi Rubin discovered that the IMAP and ManageSieve protocol parsers in the Dovecot email server do not properly validate input (both pre- and post-login). A remote attacker can take advantage of this flaw to trigger out of bounds heap memory writes, leading to information leaks or potentially the execution of arbitrary code.
c04546fd005105ce0ea049041181543abc29468ef19bad67410168c397658f7d
Ubuntu Security Notice 4110-1 - Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
266fb9a4d88612b859b072db5fec419fd51c1b8f1685d5cfba9cc0a100abcb6b
Joomla version 2.5.28 with JomEstate component version 4.1 suffers from a remote SQL injection vulnerability.
61ab3acfecdebfd920fbaa36e2d768af550632f8eb37ce45974f6442d0ab958a
Joomla version 1.0.15 with Easy GuestBook component version 1.0 suffers from a remote SQL injection vulnerability.
e34ccc99cb63a7ae6256b9dfe2a8b822378741f20fa917534a05320da115dcc5
Outlook Password Recovery version 2.10 suffers from a denial of service vulnerability.
7def290697853aa29553f64be36b153e6a61f20c1e3faa6cdc4d1064a5f9eb71