Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 2.
cec4318e6170cf890d70887ea261d7b817e29df36602bfbfb364e75cb35456bbKaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.
1b0dff497ed1d448eeffc8af638a0c8fcc1b7926b370e7184cbf5c1126f956f6WINCVS 2009R2 suffers from a dll hijacking vulnerability.
8f24b2af32b71ac5cad26d01ac20c481556848daf3e3aafa9f3ff1d2ac88d55aThe keystore binder service ("android.security.IKeystoreService") allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux contexts, including application contexts, but also unprivileged daemons such as "media.codec". A permission bypass vulnerability exists in the KeyStore service due to getpidcon.
6ed0443148f7bc7399d221b938f4d9d513e62f7eb29fc37ea0cebb2f098bfa44Ubuntu Security Notice 3558-1 - Karim Hossen and Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that systemd incorrectly handled automounted volumes. A local attacker could possibly use this issue to cause applications to hang, resulting in a denial of service. Various other issues were also addressed.
40ed4bd213d015adbf8700ceb28be23886b7e4626e9bc4280f7438442773262bUbuntu Security Notice 3550-2 - USN-3550-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
5918cb04624e965f38645c52470749fb78cd680dfe835943d724453aaf530d4eRed Hat Security Advisory 2018-0279-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb100-mariadb. Security Fix: A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root.
a10d4430b1563b65dc84a124006aca5c1d2734452706c7bcb08d3153a5a71b6dThe Grammarly chrome extension (approximately ~20M users) exposes it's auth tokens to all websites, therefore any website can login to grammarly.com as you and access all your documents, history, logs, and all other data.
38a9c89eebeb3e6644a94f0e937ee633297f223f24e55bd0ad56fef9c72d79e0Joomla! Zh GoogleMap component version 8.4.0.0 suffers from a remote SQL injection vulnerability.
156a0f30432833d2d13808081a86b78538af7bbfeedc0b3b7593d9f2505b4ec1Joomla! Zh YandexMap component version 6.2.1.0 suffers from a remote SQL injection vulnerability.
3d5a35cd6aab360d7b470fbb1dd739a5d2476b6bacee591c07a9a2da01a8b343Joomla! Zh BaiduMap component version 3.0.0.1 suffers from a remote SQL injection vulnerability.
a00f36cdfaab918e95944d358ef0516fd1d2d32dbdaaa1d255ce39aed539bf35Joomla! JSP Tickets component version 1.1 suffers from a remote SQL injection vulnerability.
6a7cf1d3a183c2f24dac40f52aaba18889b6f68de25ac61ebe7c7b16f2084a79WordPress load-scripts.php denial of service exploit.
4ff182338afde73dcc6721be907a2609bb13e9d8d91a21ef22853cc21b636785The Wall of Sheep would like to announce a call for presentations at DEF CON 26 at the Caesars Palace in Las Vegas, NV from Thursday, August 9th to Sunday, August 12th, 2018.
2030babf1e02f845127878477c4e58685b1612241b63eaa61139c1447eb61b0aEuskalHack Security Congress Third Edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 180 attendees for this third edition. The participants include specialized companies, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. This conference will be held June 22nd and 23rd, 2018 in Donostia, San Sebastian.
8ad7941f17ed9f8d6b63bfec3eff21a1f1284e0e24cce27188de1aeb55ab701c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed