Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
c8d1d3b6ce3d2a56577fca224424071afd921739d3859efc8a62229556d4beefBisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application.
ad92db3f8a0dd8f3d603187873cbcc879f069b52034b56d5481e2bd22b4892ddEMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions include EMC Isilon OneFS 7.2.1.0, 7.2.0.0 through 7.2.0.2, 7.1.1.0 through 7.1.1.4, and 7.1.0.x.
e2d777f280c8f4de1b10b38abc67618b8e6a0f1c6a21b29eb62ce8ab802369f6Slackware Security Advisory - New pcre packages are available for Slackware 14.1 and -current to fix security issues.
6b622a8497108bd0b45667aa432a5e68a79cc42f3e823428ac3c4c7d028c898eDebian Linux Security Advisory 3403-1 - This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to 'true'. This fixes a vulnerability in unsafe applications deserialising objects from untrusted sources without sanitizing the InstantiateFactory, InstantiateTransformer, InvokerTransformer, PrototypeCloneFactory, PrototypeSerializationFactory and WhileClosure.
adb69be65adb4f0344cb7814e5ad87030f8cc2266e9ab7f0c44f39ba3b02bcb2Ubuntu Security Notice 2816-1 - Ryan Butterfield discovered that Django incorrectly handled the date template filter. A remote attacker could possibly use this issue to obtain secrets from application settings.
da595e8eace605909d52fec9182fe2ce928c8f4eeb05c274314802dfc91845e8Ubuntu Security Notice 2817-1 - It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. Andrea Palazzo discovered that IcedTea Web incorrectly determined the origin of unsigned applets. A remote attacker could possibly use this issue to bypass user approval, or to trick the user into approving applet execution. Various other issues were also addressed.
0c95df3ba385830931e81928cf6357437d5124af42b0969aee880229cde673d0SAP Sybase Adaptive Server Enterprise suffers from an XXE injection vulnerability.
eefc985f29a3508ca13dea522b15ac3c29c4c59a97887c2cc3fc596ee310c5aa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed