Ubuntu Security Notice 3569-1 - It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service.
7637d44087725a3233537de489217a990a2f1060c897ef61c57f51e0fb5a5d60Compass Security discovered a design weakness in Microsoft Intune's app protection. This weakness allows a malicious user that gets hold of an employee's iOS device to access company data even without knowing the app PIN.
9eb901ef1974be004d63aa35bd969efac3bd77a0a761e1cbabb90340bf37e26cRed Hat Security Advisory 2018-0316-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.
e1cc28df9a26e3301163ec3e56fda9d23a4ab581b5e20d04a73374952885c150Red Hat Security Advisory 2018-0314-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Security Fix: By rebuilding an instance using a new image, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters.
d2148ee0af832b65143d3303d49c8448eed122707a31ce971c68a256bc243920This Microsoft bulletin summary holds additional information regarding Microsoft security advisory ADV180002.
795066723e2bd1bf4719632777fd082a7f6f5761ffcf3500d8d52391048e1f9aDell EMC VMAX Virtual Appliance (vApp) Manager suffers from file upload and hardcoded password vulnerabilities. Affected includes Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).
b67e73ba361780e5a95761dac19951d3508d6b73386b185134e50c10e7ed146eThis Microsoft bulletin summary holds information regarding Microsoft security updates for February 13, 2018.
26cad5e97d7ec8fb96db990d1fa06d174708753ec5a721ebd79b253c96d08601Red Hat Security Advisory 2018-0315-01 - openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry or Time-Series-Database-as-a-Service. openstack-aodh has been rebased to the upstream 4.0.2-3 version. Security Fix: A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user.
7039101b6915bf3c41b7aeb8cf08eac9bad2aef2238c96db165daf070b84f2fcRed Hat Security Advisory 2018-0303-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Security Fix: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle attack, despite the attacker not having gained access to the serveras private key itself.
bf64648688c5cc77e5c976bff6f7a5dc3e51d89818d6d8d52670e04aaeba0d0aMicro Focus Security Bulletin MFSBGN03800 1 - A potential vulnerability has been identified in Micro Focus Performance Center. The vulnerability could be exploited to Remote Arbitrary File Modification or Remote Arbitrary Code Execution. Revision 1 of this advisory.
99104f1ddfae6234ae0e977e713869ea89100014039bd064e82cabb131d1784cRed Hat Security Advisory 2018-0299-01 - collectd is a small C-language daemon, which reads various system metrics periodically and updates RRD files. Because the daemon does not start up each time it updates files, it has a low system footprint. Security Fix: A double-free vulnerability was found in the csnmp_read_table function in the SNMP plugin of collectd. A network-based attacker could exploit this by sending malformed data, causing collectd to crash or possibly other impact.
c0229ddfb0d3bf536f8958e1b3158596e4ca0a34bd41110811624e39a6f6fa64Whitepaper called From APK to Golden Ticket.
a1249e0b74a266b510254ebea110ed1332a92f740722f6a7a1e7057ebe872032TypeSetter CMS version 5.1 suffers from a host header injection vulnerability.
5ddf7bb4059237ee85076bdaa41db7a28052f263b065e894cd031ed97d137a23News Website Script version 2.0.4 suffers from a remote SQL injection vulnerability.
92af168d259661fb20c9fcf1c6b53349bce0aea3a8f3be7c394bb588e10317b3dotCMS versions prior to 4.1.1 suffer from remote SQL injection vulnerabilities.
2ef6211acd43254ff086ea4b5c0fc2e1e58d4c393813f4848d7027c88d8aaacd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed