The ZeroNights 2019 Call For Papers has been announced. The conference will be held in Saint-Petersburg, Russia, November 12th through 13th, 2019.
One Identity Defender version 5.9.3 suffers from an insecure cryptographic storage vulnerability.
Totaljs CMS version 12.0 suffers from a broken access control on an API call.
Totaljs CMS version 12.0 suffers from an authenticated code injection vulnerability during widget creation.
WordPress Portrait-Archiv.com Photostore plugin version 5.0.4 suffers from a cross site scripting vulnerability.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Totaljs CMS version 12.0 mints an insecure cookie that can be used to crack the administrator password.
Totaljs CMS version 12.0 suffers from a path traversal vulnerability.
FileThingie version 2.5.7 suffers from a remote shell upload vulnerability.
Ubuntu Security Notice 4120-1 - It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings.
Ubuntu Security Notice 4121-1 - Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem.
Red Hat Security Advisory 2019-2600-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2019-2606-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2019-2607-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2019-2609-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2019-2622-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include an exception leak.
Red Hat Security Advisory 2019-2628-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2019-2631-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include an exception leak.
Red Hat Security Advisory 2019-2630-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
Ubuntu Security Notice 4119-1 - It was discovered that Irssi incorrectly handled certain CAP requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Red Hat Security Advisory 2019-2621-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
Ubuntu Security Notice 4118-1 - It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
Microsoft Outlook Web Access version 14.3.224.2 remote host header injection exploit.
Cisco IronPort C350 remote host header injection exploit.
Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.