Ubuntu Security Notice 4072-1 - It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as result. Various other issues were also addressed.
067d7fa1810947a5a71e4e63c60c2cf15d329e2fb5336677d77831ac4b96d497Ubuntu Security Notice 4074-1 - It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that the VLC Matroska demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MKV file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
93e928953531bb8b7bf488a1acef6c0184de960d3f44e339736aff9fbfce79e5Red Hat Security Advisory 2019-1851-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and denial of service vulnerabilities.
00cb28c3b08208132229ebe8054a9b8c4d8f618c66fe74f2f57958cdfda7f4fdZurmo version 3.2.6 suffers from reflective cross site scripting vulnerabilities.
272981387eb4c7d4e4980aa8c49a60c1bd14b31aa8ee2ab333760b0df2eacec1Yahei-PHP Prober version 0.4.7 (speed) suffers from a remote html injection vulnerability.
8b1bffb824058dcb7a5c1639547cb117aa34809316b2f941a0b2c3fc01014440FreeBSD Security Advisory - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.
ed0e020ba12b1dc01aa8d83590ac696a40d1fccad60067e1fb8300dfbb889466Red Hat Security Advisory 2019-1852-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An incomplete fix for CVE-2019-1002101 was addressed.
c2b47e34d49807392fd550c9925a7fcd990d35fc8f3a2292d2097009020812e4Ubuntu Security Notice 4073-1 - It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service.
01ea518490e9ca54bcdc4a67a0d42b41cdd557600790f8bdd7f0c9b3fd2c5984FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.
22ddae49f77be04a48b0ef2c715801539b562f34653337c23b52f4f5dfa1668bFreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.
489c8ae54e5e9d5645a9286ff4c958fe29ebf8eb10cfad1509a4f8ce2b45cf9eTrend Micro Deep Discovery Inspector suffers from a percent encoding IDS bypass vulnerability.
ec40e8e4c37ffcdffc52766b407c3f23886bf51afda9cc17f1e5746fa1ddd54bUbuntu Security Notice 4071-2 - USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
0b7c4a198db51cde30cce47cc6a0ae95e2c18bd207868b3dc0dab1fbed99adb0FreeBSD Security Advisory - Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.
0e0df08026cdde81c94f8a176b172a71c19e15379445944e64ecdd04b7315690FreeBSD Security Advisory - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.
c20e2ba9892c896b4cdba0602e7caccb54edd10e2ab74a179baf8dc75414522dUbuntu Security Notice 4070-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
959176eb4c94921a33ff6997d4aac27b5b2619ea9f454ce8e1b171e35f9e1b56Apple Security Advisory 2019-7-23-3 - iCloud for Windows 10.6 is now available and addresses code execution and cross site scripting vulnerabilities.
3ba30714719b00baca6259481a4bdfdefef12ce341e50648fc18c3d291519696Tufin SecureChange uses Richfaces version 4.3.5 which suffers from a remote code execution vulnerability.
5f337d6d91cf5f5d0bc240b766525f3cc6b32105aaf6cf34e4c4de7124a9991cApple Security Advisory 2019-7-23-2 - iTunes for Windows 12.9.6 is now available and addresses code execution and cross site scripting vulnerabilities.
5b5d807d64b0dfb0586f4d295e67ecb8f10e14d1218c051ceb6b960ff5372731Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.
5039fc8df73b1169b6a519048f0e7a714c303fc19b3d39a7aa2f6b757d1abc9cOvidentia version 8.4.3 suffers from a cross site scripting vulnerability.
734799c00c7a895ec1bfc570d83de3f1eccab1b2b66715089278ee5b39f75a57This whitepaper is a technical analysis of BlueKeep with a path for exploitation.
ffdeadc2f367f61101c6ab776714306ed8c3b691ec3ec119b2210036e68722b9Ubuntu Security Notice 4071-1 - It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
bb6be6ae6ab1c6d02ca25c70421ee7d9fb0267f22a1d62dae05ce539135a8dc1Ovidentia version 8.4.3 suffers from a remote SQL injection vulnerability.
f243046f9355d0d590313f785bf796a155aa36652cf7d1ac356ad956d9739e0cRed Hat Security Advisory 2019-1839-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
0a13367a5983baf5fd94b6e99fd1e90d4d62cd0e78706bd0f4e6b11c0feaa972Red Hat Security Advisory 2019-1833-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. This update fixes various bugs and adds enhancements.
983ea931c7621104c1aa972f82be6812018d0337d9de311aa3b376963f662aad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed