Red Hat Security Advisory 2018-1997-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.
6162841f8e56c68ab1cd4a6e5e2c440ec5e1f1a6e1a097e3a506319255f56ba4
Red Hat Security Advisory 2018-1965-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
5625c726ca93dddc4f128e9505cbafd6e9a86b185e28f9e42a9db805ce8d6b15
Red Hat Security Advisory 2018-2003-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.
3df03071d93422612d584b49a3fca361b78a54a69d4c0611dccd3bc4ede47b6e
Red Hat Security Advisory 2018-1979-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Issues addressed include a mishandled ACL configuration.
646ec53ff9052049e7f708ecd146f3966e311e18f1a173d05e21b532e225ec05
Red Hat Security Advisory 2018-2020-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Issues addressed include a file disclosure vulnerability.
134d8a5b2ddc7d417cababde0f0cac534b88c2372bb7e3c04258d447a81ea2bc
Red Hat Security Advisory 2018-2006-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.
ca891c305b74f2203c8a71e33c2d143de883f420e647176863e7bde00ec4f911
Red Hat Security Advisory 2018-1967-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a bypass vulnerability.
1f84086fb9dc926e9c6cbd7c89e97e3af1970709e492833edac35dbf5eb38a12
This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows unauthenticated users to execute arbitrary commands as the web server user www. A valid Organization ID is required. The default value is 1. A valid Windows agent version number must also be provided. If file sharing is enabled, the agent versions are available within the \\kace.local\client\agent_provisioning\windows_platform Samba share. Additionally, various agent versions are listed on the KACE website. This Metasploit module has been tested successfully on Quest KACE Systems Management Appliance K1000 version 8.0 (Build 8.0.318).
0dbef74980c65246fdf8019f7b0a27a24a0c3431c8e7e457609a060b5a8fdf8d
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
9119ed3c11ecd8c470369c6242cc9620d6573fc301d66455a5689c613c31563d
Ubuntu Security Notice 3692-1 - Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.
64a55400d3928d560eed60fa189b3f16e104aacf734c115775b42e7ec6f162c5
HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it.
ca4e710786607c8db2b5551765fad05ea1626ff8a4bd00aa2997feded7590990
Polaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw vulnerability.
988220d8a0264edc45ec0aa0ac0b56815a4ed2982e90beeed521161d2f094034
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
04707f60cb28318bfb4aea0286bc9cf7aec27ce846234a72d84ec3b06a64c963
Ubuntu Security Notice 3692-2 - USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
c9a4413cce1293192cef94ae1323f4ac3f80a693b84d4dd16582f330058c726d
Liferay Portal versions prior to 7.0.4 suffer from a server-side request forgery vulnerability.
9cd4a09a6913c2e09ea065cb580a2524d7a76aafcb6212597452862aa04d2d5b
PoDoFo version 0.9.5 suffers from a buffer overflow vulnerability.
d30e9bc2b87c725a0e7297e704ac0cfafb3e95d40de7cdeddb1838c6af802081
Microsoft Internet Explorer HTML Help Control version 4.74 local zone bypass exploit. Proof of concept code for an ancient vulnerability.
7901eefcb2e2143481c3b0627e4f0d79c45b046af2b80d84196dc6c15a0701af
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
89ae585973d5671dd7de7fce250978f6d6663739a8d09d6a194984018abf6165
Ecessa ShieldLink SL175EHQ version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.
5cc4b074d5af1b150d7925eb5d77aa54a0146fc3c23b9644b4d72c74d23cc8aa
Ecessa WANWorx WVR-30 version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.
62c07f7b254f3a6ce8a21457ddf801f96a6c3d50e43e8a0558fc0ffaeca24c4d
Ecessa Edge EV150 version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.
4f74f98f4865e02f46d175bb9446106924075340a1808f6f2da019f58f0929a2
Red Hat Security Advisory 2018-1975-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Issues addressed include a deserialization vulnerability.
8195fccd479514f27690fbfaf526994432154f6f8c773640850c17eae2361e26
Debian Linux Security Advisory 4234-1 - Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call.
4b36bb80b9eff7fda1252931c9c7609bbbf15d6d56fbd6dcf6993945219b4394
Digisol DG-BR4000NG suffers from a cross site scripting vulnerability.
403454afe70a151672a21b8cb3a9e4bf518534299f9b53c0bfd09f55fe0d1c54
Intex Router N-150 suffers from an add admin cross site request forgery vulnerability.
0cddaf5d95a9539a3cdef00fd49c5f4a82243e1b5830ec1c557016a7f9f09470