Apple Security Advisory 2018-7-23-2 - 2018-003 Sierra, Security Update 2018-003 El Capitan addresses buffer overflow, code execution, denial of service, and information leakage vulnerabilities.
40ab18846fd839375f4ed6a0867906b19120c108c6f84988f596010072b08773Apple Security Advisory 2018-7-23-1 - Security Update 2018-004 El Capitan addresses information leakage vulnerabilities.
8d5d4a0cf1bafff8ea22afa6dccb87b30ebb52e9ca81c76f5d2098f4f3efd6fcRed Hat Security Advisory 2018-2242-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an insufficient validation vulnerability.
25a8fd427b7fef8d5f6dd969c318abb05dff5515f61f7e5987e80f54d6069f16Gentoo Linux Security Advisory 201807-2 - Multiple vulnerabilities have been found in Passenger, the worst of which could result in the execution of arbitrary code. Versions less than 5.3.2 are affected.
483dd30a5ffe44e609e9e2685f457648ca98e8ec5baef6bf3fe2722dabeb81b7Ubuntu Security Notice 3718-2 - USN-3695-2 fixed vulnerabilities in the Linux Hardware Enablement Kernel kernel for Ubuntu 16.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot, This update addresses the issue. Various other issues were also addressed.
7352a11c02a1bd3ca1dde166137417760b084a8e80b91bc68a912cda66fc39c8Ubuntu Security Notice 3718-1 - USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot, This update addresses the issue. Various other issues were also addressed.
8b5aff682a7fe0dc91801054a3fa777ee05cd873429b047eb282b97fc691e598Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
809fb62e16627153ccfb4caf2917e57addd3114952d7c9346a9909bb06edc666Ubuntu Security Notice 3720-1 - It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information.
d8b44664302f10984ac85d8e97b0556cc9e634645ffdba8f2bb2f87b340bb898Ubuntu Security Notice 3719-2 - USN-3719-1 fixed a vulnerability in Mutt. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
9a28d624f2e96faa3ee17d41d9b77c77dad8d3a0ee8208365120742a6294b0ccWhitepaper called File Upload Restrictions Bypass.
ecdc7e311c189addfccc427be028ffc44cae8e359d45a96d8cb873b10efe1626Red Hat Security Advisory 2018-2241-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include insufficient validation.
bc692a1a8f111e5b455543226f90d96c145a91e355c72ddbcb69faff11c3df3aUbuntu Security Notice 3719-1 - It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. Various other issues were also addressed.
60424cdb2741db11e3df3f89cb3530be6b1c868901345d560877b2a2b2064626Windows Speech Recognition version 4.0.4.2512 suffers from a buffer overflow vulnerability.
c7dc05427b041d97547d77a5672cded71da1622b321a1da3659df4e8e2cfb279Whitepaper called Protecting Apps Against Jailbreaking And Rooting. Written in Arabic.
a8328bd85768b6fd09641ed177fbcc166a7c93147dd6e340ecd03511dc10b4d1Linksys.com suffers from a cross site scripting vulnerability.
277fce00d69a11ebe93c5dbe29b716a34e3d3c0b6bc82d5e1e02f2178b4090cbSplinterware System Scheduler Pro version 5.12 suffers from a buffer overflow vulnerability.
8d4d5274d57e6b6e2ac18d146600988c5a911438495615b4a0bfbe69a602d3edZoho ManageEngine version 13 (13790 build) suffers from file read, file deletion, and cross site scripting vulnerabilities.
7e104ae844204dc955d15a1c23019f6b920c3cdeab666aaef62446efa56ed789WordPress LimoLabs plugin version 1.0.0 suffers from a remote password disclosure vulnerability.
c40690f5e335f45bc0805e208c82b793e9896cc0d72026902b51b0c076eaf08aPDFunite version 0.62.0 suffers from a buffer overflow vulnerability.
0d1b333f27e5cc595bc145ae16d2aeeef3d68dc3a5b3572a16b60b337215a2d9SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
6c4cbc42cd7fb023fed75b82a436d8c1c4beaeb317a2ef41c00403684e0885ddMicrosoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch making it prone to forced drive-by downloads, providing an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name.
960a25eea990a9902d14efab4e3a34f0474b74b37170712fc6197db3c937a15eSecunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). An error in the vsxl5.dll when processing GelFrame objects can be exploited to cause a out-of-bounds read memory access. An integer underflow error in the vsxl5.dll can be exploited to cause an out-of-bounds read memory access. An error when processing "Body" element of HTML file can be exploited to cause a null pointer dereference. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to cause a null pointer dereference. An error in the vswk6.dll can be exploited to cause an out-of-bounds read memory access. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to trigger an infinite loop. An error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.
473015367ef0eea0a25f5af5e93b268a8c2b94f4c278fb37d6fab71b2071ad79Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. An error within the "VwStreamRead()" function (vsdrw.dll) can be exploited to cause a heap-based buffer overflow. A boundary error in the vsxl5.dll can be exploited to cause a heap-based buffer overflow. Another boundary error in the vsxl5.dll can be exploited to cause a heap-based buffer overflow. An integer underflow error within the "VwStreamOpen()" function (vswk6.dll) can be exploited to cause an out-of-bounds write memory access. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.
6083d4b0f7e6c245ac2afcefff040394406e2fbaf871dd15e639d6e22aa2d867Secunia Research has discovered a vulnerability in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An error within the "parse_minolta()" function (dcraw/dcraw.c) can be exploited to trigger an infinite loop via a specially crafted file. The vulnerability is confirmed in version 0.18.10. Prior versions may also be affected.
bcd48fc6eb4e40963e7ce2ee323443dc05561563d89e833840cc165dc0babb83Secunia Research has discovered multiple vulnerabilities in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) can be exploited to trigger a division by zero via specially crafted NOKIARAW file. The vulnerabilities are confirmed in version 0.18.11. Prior versions may also be affected.
4613e82ee83759da6d65852d98e41add198de465ce0b423e487854f90211db04
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed