Ubuntu Security Notice 4940-1 - It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code.
26cf20568e9046c31cde4f52b3870ffa8d590f4ecc4378cfff3a9ec384cb0f1c
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
f8c7b46222a857168a754a5cc329bb780504122b270018dda5304c98db28ae29
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
9de744fe0e51a03d42fa85e4b83340948baeaa7080427f90b0efd23e9106fece
The JavaScript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker-controlled data is displayed in a CloudShell instance.
f02320214893002ab2b97694c08e9e2330bbb20f2f2bada5f83933c577f951ef
Ubuntu Security Notice 4939-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
9808bdce300a9783018e8b90afd7130708b041ed1c748ae8fe4bb4d22a224efa
OpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe.
b82e6c61d40806f2604b1313677e7f7e64221c2886c94d83d210370a8aca9611
Human Resource Information System version 0.1 suffers from a persistent cross-site scripting vulnerability.
ddb51fb8202a76c1f1909c82abbb4a55bf1080b4054cf8017b7fc8cd8799f20a
Microweber CMS versions 1.1.20 and below suffer from a remote code execution vulnerability.
a612c495257e9218a10262196d355c948092ecce519d2e6039de49d57d829f69
MikroTik RouterOS version 6.46.5 suffers from an assertion failure and multiple memory corruption vulnerabilities.
a64685676fca951c82952a48568cc23b987ea04f6128ac9fa93f1d10f7bfbe11
Backdoor.Win32.Antilam.13.a malware suffers from a code execution vulnerability.
d4d9790804f4aaa936d0e8f8677daa344a863454976e162e25e3eaf7eb0f6d5f
A 29-byte Linux/x86 shellcode that performs setreuid to 0 and then executes /bin/sh.
e6a46129d157e756ab079a8bd8c0b4fb71e4329d98e97809fa092cf1d9ec5876
Backdoor.Win32.MotivFTP.12 malware suffers from bypass and code execution vulnerabilities.
c42130ba76914e5d9d1d36d47d46f373aa705da2515d9ebf4fc32b2b4d39382a
TFTP Broadband version 4.3.0.1465 suffers from an unquoted service path vulnerability.
fa82717b2a4daf6f38e42a5d6faf3c0f6245580019a66ac9a5b41dcddeb6e0c1