Apple Security Advisory 2018-7-23-2 - 2018-003 Sierra, Security Update 2018-003 El Capitan addresses buffer overflow, code execution, denial of service, and information leakage vulnerabilities.
40ab18846fd839375f4ed6a0867906b19120c108c6f84988f596010072b08773
Apple Security Advisory 2018-7-23-1 - Security Update 2018-004 El Capitan addresses information leakage vulnerabilities.
8d5d4a0cf1bafff8ea22afa6dccb87b30ebb52e9ca81c76f5d2098f4f3efd6fc
Red Hat Security Advisory 2018-2242-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an insufficient validation vulnerability.
25a8fd427b7fef8d5f6dd969c318abb05dff5515f61f7e5987e80f54d6069f16
Gentoo Linux Security Advisory 201807-2 - Multiple vulnerabilities have been found in Passenger, the worst of which could result in the execution of arbitrary code. Versions less than 5.3.2 are affected.
483dd30a5ffe44e609e9e2685f457648ca98e8ec5baef6bf3fe2722dabeb81b7
Ubuntu Security Notice 3718-2 - USN-3695-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 16.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot. This update addresses the issue. Various other issues were also addressed.
7352a11c02a1bd3ca1dde166137417760b084a8e80b91bc68a912cda66fc39c8
Ubuntu Security Notice 3718-1 - USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot. This update addresses the issue. Various other issues were also addressed.
8b5aff682a7fe0dc91801054a3fa777ee05cd873429b047eb282b97fc691e598
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
809fb62e16627153ccfb4caf2917e57addd3114952d7c9346a9909bb06edc666
Ubuntu Security Notice 3720-1 - It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information.
d8b44664302f10984ac85d8e97b0556cc9e634645ffdba8f2bb2f87b340bb898
Ubuntu Security Notice 3719-2 - USN-3719-1 fixed a vulnerability in Mutt. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
9a28d624f2e96faa3ee17d41d9b77c77dad8d3a0ee8208365120742a6294b0cc
Whitepaper called File Upload Restrictions Bypass.
ecdc7e311c189addfccc427be028ffc44cae8e359d45a96d8cb873b10efe1626
Red Hat Security Advisory 2018-2241-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include insufficient validation.
bc692a1a8f111e5b455543226f90d96c145a91e355c72ddbcb69faff11c3df3a
Ubuntu Security Notice 3719-1 - It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. It was discovered that Mutt incorrectly handled certain inputs. An attacker could possibly use this to access or expose sensitive information. Various other issues were also addressed.
60424cdb2741db11e3df3f89cb3530be6b1c868901345d560877b2a2b2064626
Windows Speech Recognition version 4.0.4.2512 suffers from a buffer overflow vulnerability.
c7dc05427b041d97547d77a5672cded71da1622b321a1da3659df4e8e2cfb279
Whitepaper called Protecting Apps Against Jailbreaking And Rooting. Written in Arabic.
a8328bd85768b6fd09641ed177fbcc166a7c93147dd6e340ecd03511dc10b4d1
Linksys.com suffers from a cross site scripting vulnerability.
277fce00d69a11ebe93c5dbe29b716a34e3d3c0b6bc82d5e1e02f2178b4090cb
Splinterware System Scheduler Pro version 5.12 suffers from a buffer overflow vulnerability.
8d4d5274d57e6b6e2ac18d146600988c5a911438495615b4a0bfbe69a602d3ed
Zoho ManageEngine version 13 (13790 build) suffers from file read, file deletion, and cross site scripting vulnerabilities.
7e104ae844204dc955d15a1c23019f6b920c3cdeab666aaef62446efa56ed789
WordPress LimoLabs plugin version 1.0.0 suffers from a remote password disclosure vulnerability.
c40690f5e335f45bc0805e208c82b793e9896cc0d72026902b51b0c076eaf08a
PDFunite version 0.62.0 suffers from a buffer overflow vulnerability.
0d1b333f27e5cc595bc145ae16d2aeeef3d68dc3a5b3572a16b60b337215a2d9
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
6c4cbc42cd7fb023fed75b82a436d8c1c4beaeb317a2ef41c00403684e0885dd
Microsoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch, making it prone to forced drive-by downloads, provided an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name.
960a25eea990a9902d14efab4e3a34f0474b74b37170712fc6197db3c937a15e
Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). An error in the vsxl5.dll when processing GelFrame objects can be exploited to cause an out-of-bounds read memory access. An integer underflow error in the vsxl5.dll can be exploited to cause an out-of-bounds read memory access. An error when processing the "Body" element of an HTML file can be exploited to cause a null pointer dereference. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to cause a null pointer dereference. An error in the vswk6.dll can be exploited to cause an out-of-bounds read memory access. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to trigger an infinite loop. An error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.
473015367ef0eea0a25f5af5e93b268a8c2b94f4c278fb37d6fab71b2071ad79
Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. An error within the "VwStreamRead()" function (vsdrw.dll) can be exploited to cause a heap-based buffer overflow. A boundary error in the vsxl5.dll can be exploited to cause a heap-based buffer overflow. Another boundary error in the vsxl5.dll can be exploited to cause a heap-based buffer overflow. An integer underflow error within the "VwStreamOpen()" function (vswk6.dll) can be exploited to cause an out-of-bounds write memory access. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.
6083d4b0f7e6c245ac2afcefff040394406e2fbaf871dd15e639d6e22aa2d867
Secunia Research has discovered a vulnerability in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An error within the "parse_minolta()" function (dcraw/dcraw.c) can be exploited to trigger an infinite loop via a specially crafted file. The vulnerability is confirmed in version 0.18.10. Prior versions may also be affected.
bcd48fc6eb4e40963e7ce2ee323443dc05561563d89e833840cc165dc0babb83
Secunia Research has discovered multiple vulnerabilities in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file. An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) can be exploited to trigger a division by zero via a specially crafted NOKIARAW file. The vulnerabilities are confirmed in version 0.18.11. Prior versions may also be affected.
4613e82ee83759da6d65852d98e41add198de465ce0b423e487854f90211db04