The ZeroNights 2019 Call For Papers has been announced. It will be held in Saint-Petersburg, Russia November 12th through the 13th, 2019.
af2c83c5c7172588650ad2baca14249cbe1d7004b12a19169a652bb1ef5e5720One Identity Defender version 5.9.3 suffers from an insecure cryptographic storage vulnerability.
9bb141d528570df3943c8ddfc6a63680c19bb6c1237f2e20c977ef5160ca426dTotaljs CMS version 12.0 suffers from a broken access control on an API call.
fdf156b531b1d3da98ee95bbd5364b284446474608142fd65919a9598d6d86a7Totaljs CMS version 12.0 suffers from an authenticated code injection vulnerability during widget creation.
e84a3b40aad34be56be0995eaa9961a7ed8b23cec1171398351a1e261546a2b6WordPress Portrait-Archiv.com Photostore plugin version 5.0.4 suffers from a cross site scripting vulnerability.
e2df683a37c9e917380fcfae1c64e51f9d4d40bf4ff0b4148abae1368864fc91The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
9bec9f41b429fe9f554092719127b710a379003641d17aeb01189eb51dcf3debTotaljs CMS version 12.0 mints an insecure cookie that can be used to crack the administrator password.
6df69239605e353638050aa0d99b6229a04afd43b2e3d8b39f3f681e5e2d1305Totaljs CMS version 12.0 suffers from a path traversal vulnerability.
9b5f7333d390a6dfbc2864452ec1c372bb2acd344d08dc82ae02bfc49c40aae5FileThingie version 2.5.7 suffers from a remote shell upload vulnerability.
aae960486af85882de11fa5806bb54d18154a4ffe010539eb31f70fb9650558fUbuntu Security Notice 4120-1 - It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings.
c86f578cb209c9dd585d96bb0fc7af8226aa79a63c36f9a84d3f1e26a081c040Ubuntu Security Notice 4121-1 - Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem.
1367c76bd694c824968013e80840ec4423f8c145a8687f47480c0f08138b555dRed Hat Security Advisory 2019-2600-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
a1c1aecbf9dcc5c9530c098a822b5f85a70020531244b0e148c3e99138917e2eRed Hat Security Advisory 2019-2606-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.
02b63b8a2f7fb8a8aad16a025ce384a5871d50f08e63d4bc9589b940af7f2df9Red Hat Security Advisory 2019-2607-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a null pointer vulnerability.
3b7318010bd2f9c32d82e1e5ab546e84395552a828afcca099adc00d3e9036f5Red Hat Security Advisory 2019-2609-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a buffer overflow vulnerability.
41606b2d3b0d107064d793ba6ec7fc2f5c1fd026af72002f13b849c32000714bRed Hat Security Advisory 2019-2622-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include an exception leak.
4af42562dba77f7bcdbe1e7e6df56f1d25665424b7d3a21813ac16f7a7a3f0d3Red Hat Security Advisory 2019-2628-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
106b1f1b5e56f5698a42594260a21f70b42ea234ffb8221bb183f78969c74396Red Hat Security Advisory 2019-2631-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include an exception leak.
0874933e6667ea1a22b92eae657624c759b17062369a36bf01c00aa1f70fbd17Red Hat Security Advisory 2019-2630-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
622a6ee42399aa8c9113df81ba4a22f49cf8aca260f06ca6cc599516f5e9871fUbuntu Security Notice 4119-1 - It was discovered that Irssi incorrectly handled certain CAP requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
61003b4454ac65afee62a78a0371c61147fe6641339aa401d1988120b16a1474Red Hat Security Advisory 2019-2621-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
9eb568a780b889c7e7d3bc91f1456a926fbecbd04250250e2a87fb8a4cbc82fcUbuntu Security Notice 4118-1 - It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
4f908bb81d9ebb9dd129fad885aa16a8ad89f97c5c09adc998aefff895ea8268Microsoft Outlook Web Access version 14.3.224.2 remote host header injection exploit.
2a045a798379ed94af70c8ea6473d9a34de7eb79dd2b3dbfe41c7f40f2643fb1Cisco IronPort C350 remote host header injection exploit.
46aa6ec3a6ceb2fb7831a82b780d522b93acdd23c01e01fdc83b7da4ec5aefa9Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.
36b762978c34e1f16ed9d93334f8184be045b42ea6fd1fe3f627d000b31db178
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed