Red Hat Security Advisory 2018-1225-01 - Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Issues addressed include a buffer overflow vulnerability.
1d70e77c17e16d48b5238d2141e5a149e0f2474621a26761041a4e0331511f99
Quixplorer version 2.1 Beta suffers from a cross site scripting vulnerability.
8dfa2fb8fa4f0779d83d51b898bf52ee631acc99cc012faf09e50194adcf2557
This Microsoft bulletin summary provides guidance to mitigate speculative execution side-channel vulnerabilities.
ea8560e8fde6886666127d50bf54c9aee2f62b560b240b4d88c7a8a975a3d3d4
gif2apng version 1.9 .gif stack buffer overflow exploit.
8e1abeb43166ce5d0a4f2a149fe8523066a6f11087c0c76ec8deebda9e5e6c49
Ericsson-LG iPECS NMS version A.1Ac suffers from a cleartext credential disclosure vulnerabilities.
02081288fc648eaaeeb274610aae7b09cfe7d719772c0e4c4636a43414f88188
nterspire Email Marketer versions prior to 6.1.6 suffer from a remote administrative authentication bypass vulnerability.
a5db3eb4e74afa8c20ae63f5607245d703f01f23a16579068c63d26a035d3647
Red Hat Security Advisory 2018-1223-01 - Librelp is an easy-to-use library for the Reliable Event Logging Protocol protocol. RELP is a general-purpose, extensible logging protocol. Issues addressed include a buffer overflow vulnerability.
bad40f1069556c46ee31c795a38680bc48875b8a9f3da2347e66b8be78979765
Monstra CMS version 3.0.4 suffers from an arbitrary folder deletion vulnerability.
e84ce0123a3343cda6034f2f7b0c6e111449fdaa05af925027ce175111568638
Red Hat Security Advisory 2018-1216-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
787f01f91487f70fd1cfbbd12d529c0ecb62490cb61b99d73bf7be4a1b33cce5
Open-AudIT version 2.1 suffers from a CSV macro injection vulnerability.
d1a45b9038f5a4edf08c69f278d3302c4a424d66f7a6932706adcf09f45fc4b3
44 bytes small Linux/x86 execve /bin/sh encoded shellcode using ROT-13 + RShift-2 + XOR.
03a85af339f403d606be6acd748ccfd76016c2294871b5e9a2d3e0cc921a660c
Debian Linux Security Advisory 4179-1 - This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the "retpoline" mitigation for CVE-2017-5715 (Spectre variant 2).
e29587414760c63eeb7cf858b2e6b01daa6dc707328f9c69d310f296e1f5a324
Whitepaper that shows how easy you can build a fuzzer for the MQTT protocol by using the Polymorph framework.
08c5ab2ad5f854437afe7515216244845ac796c7dae4ab83db7966b2c5810898
Red Hat Security Advisory 2018-1224-01 - PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API. Issues addressed include a bypass vulnerability.
bad710e17201049c5319f02471a51b4c1cb154a5e6001c710ddad4784dd532bf
Allok Video to DVD Burner version 2.6.1217 suffers from a buffer overflow vulnerability.
8901ee721d781e1fd0a856549d7129ba2ac82247d4649a08ad4868f126920ae9
WordPress Woo Import Export plugin version 1.0 suffers from an arbitrary file deletion vulnerability.
415d9978fdf0f28a062fa30021e625eaa7abb1680f6ca29af05bc9eb3d49434d
Easy File Sharing Web Server version 7.2 UserID remote buffer overflow exploit with DEP bypass.
4921ef9c36be40af22b9321dd08429c158a520e6f64cea812a68495053776355
VLC Media Player/Kodi/PopcornTime versions prior to 2.2.5 Red Chimera memory corruption proof of concept exploit.
073a715dedfca9fc8d37477886c92074525cfc2bbaa16ec36747c4c85515e2ac
This paper documents a minor but somewhat easy way to compromise air gapped systems that share a kvm.
6294f7c7ccaeb2b6e4ec63378230b7fa7a831884b254b64da4282f5734847e6c
Zyxel ZyWALL ZLD versions 4.30 and below suffer from a cross site scripting vulnerability.
70cc9aaccabd73574249df6071fa934b5a0458febf8117a3a9555126bb2a51d1
WSO2 Identity Sever version 5.3.0 suffers from multiple persistent cross site scripting vulnerabilities.
4990846341d76b6fb9e53aeae7fb7c68f1253c3a015c256315cf5ff03976dd38
Red Hat Security Advisory 2018-1213-02 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
1df1649f7680fb00e771e7c01cd1480e5c94068d2c416d51b43ef7b2c6a5ba1c
Ubuntu Security Notice 3633-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d3de2ae1cc871a46858dde71234bd3509254083fcd27c016ea8f204362973d8e
Ubuntu Security Notice 3632-1 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service in the host OS. Various other issues were also addressed.
f8553fc2b1fbe9a47e2b4b2ce0f11da61f2c04cd45e5a0719d72c05c601fef36
Ubuntu Security Notice 3631-2 - USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
8c11dde9cfc9285201a93a634d7dc7a7c852023b641bd9ef89d596e787a65db5