Red Hat Security Advisory 2018-3665-01 - NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband, and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. Issues addressed include an out-of-bounds heap write.
931c94c499dac21904afc66a5700e4de49fdf7295724f9dfb38c90a85d1657e6
Red Hat Security Advisory 2018-3663-01 - sos-collector is a utility that gathers sosreports from multi-node environments. sos-collector facilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment. Issues addressed include incorrect permissions.
fe979cf7307d73939c41d907efdc14c6ab25afb04488e4335efe9d5fecd63411
Red Hat Security Advisory 2018-3651-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, and null pointer vulnerabilities.
0d4ad75e1c0c0488c5fb0adc68d8e4c2c04aae6be649e37a8ba52aa3d7c799ba
Red Hat Security Advisory 2018-3650-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a file permission vulnerability.
28914afeb0062811d3d1b40491a6e1a5af3b6a78b6677f4f2d6e8b173636b5aa
Gentoo Linux Security Advisory 201811-16 - Multiple vulnerabilities have been found in strongSwan, the worst of which could lead to a Denial of Service condition. Versions less than 5.7.1 are affected.
90b2c65ae66ecb8393798be16d494aeac84b63c0e80ade4bc9082323fe2ace84
Red Hat Security Advisory 2018-3656-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include an use-after-free vulnerability.
138d3b2eb90b7429ef67ed1169a8e658e887b799fbbaab3eeed73288fade789c
phpMyAdmin version 4.8.1 authenticated local file inclusion proof of concept exploits.
99adf4308fa706903d75dfc6e085c7ba2d9885c407bb3424f26d594818c0460a
Red Hat Security Advisory 2018-3655-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. Issues addressed include a ridiculous amount of unspecified vulnerabilities.
dfcc00ca751525154904480761efc7b9132aeacc330cada2b5b82e472c7fe96e
Red Hat Security Advisory 2018-3671-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
b9e101d4654d1ee487628b0854b423e6a5e72265a863ae854851e88b704f39d0
Red Hat Security Advisory 2018-3672-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Issues addressed include a denial of service vulnerability.
de9a35cc190a2af10e419079bbc8309b996a09cfe811621caa087d3d2b12cfa2
Ubuntu Security Notice 3826-1 - Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Various other issues were also addressed.
4e4c876bb878a34b2dd16b55e3b1d2a08ed115428511e04586ecb54058caa47b
Gentoo Linux Security Advisory 201811-15 - Multiple vulnerabilities have been found in MuPDF, the worst of which could allow the remote execution of arbitrary code. Versions less than 1.13.0 are affected.
84fc1bb2dacd392565404ca0665e2a21baa49ee8d248356babe74470a83a9a3a
Red Hat Security Advisory 2018-3653-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
cdf8832a2ee43f362646287957e86d0a848865e5cbce03448952aedf3e742e46
No-Cms version 1.0 suffers from a remote SQL injection vulnerability.
70c8dc45a5d1b796fb3ea69e6b5f19f4feddf01fdbbd17933705d365bbd73ddd
Debian Linux Security Advisory 4344-1 - Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling invalid style tag content.
61088ba4c1524225f61aba788ca2db36974325e1503cca823eabfc5a0b66ce79
MariaDB Client version 10.1.26 suffers from a denial of service vulnerability.
a054d0e347263826f67fc89d81e52aa27f6e3a54105a83b36e41a5afcc238e9c
WordPress Easy Testimonials version 3.2 suffers from a cross site scripting vulnerability.
ca72b4de993e05684b5aade461f5c5d0c3aaccf69110cfee697d504c773fc1e9
Zyxel VMG1312-B10D 5.13AAXA.8 suffers from a directory traversal vulnerability.
60c8e9a5e09699dcc7795a645cfb7557da62d34304af0a5f585f8638ad3a1365
Red Hat Security Advisory 2018-3652-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
13d4d0dbcb52c25e093c1a22ae583ea2870ab00c6e2cac59c54802f4b830fccc
Arm Whois version 3.11 suffers from a buffer overflow vulnerability.
a49cb25efda24f3cfb28adf894e9afdd88945abc5c1b68d5f86a2ba3a21f6906
Red Hat Security Advisory 2018-3648-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.110. Issues addressed include an use-after-free vulnerability.
c03fc5ca2a56763a4889075cf695caab0284cdb260e9b4c61ee185bdae126268
Debian Linux Security Advisory 4343-1 - It was discovered that a buffer overflow in liveMedia, a set of C++ libraries for multimedia streaming could result in the execution of arbitrary code when parsing a malformed RTSP stream.
2a657e6e38cb5cf8947b1dab8cdb89fdc98f0ab6a0750b9ac6895379d8ba8f24
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This Metasploit module has been tested with OpenBSD 6.3, 6.4, and CentOS 7 (1708). CentOS default install will require console auth for the users session. Cron launches the payload so if Selinux is enforcing exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if running. On exploitation a crontab.old backup file will be created by Xorg. This Metasploit module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation artifacts will be created consistent with starting Xorg and running a cron.
720e628b35284931ff0424715e648634cd3ec31db1a89c8b1fff88eddfb6f4ab
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
49e3afed0405da7500e76bab416a443a15f2e568167d0093f29c0574bcc959d1
Gentoo Linux Security Advisory 201811-14 - Multiple vulnerabilities have been found in Exiv2, the worst of which could result in a Denial of Service condition. Versions less than 0.26_p20180811-r3 are affected.
ee5e076345c3013fb9bb4e7700361e743a480b23a91f3f44b3e6c71e0abaa72f