Ubuntu Security Notice 4072-1 - It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use these vulnerabilities to extract that information. It was discovered that Ansible could load configuration files from the current working directory containing crafted commands. An attacker could run arbitrary code as a result. Various other issues were also addressed.
067d7fa1810947a5a71e4e63c60c2cf15d329e2fb5336677d77831ac4b96d497
Ubuntu Security Notice 4074-1 - It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that the VLC Matroska demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted MKV file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
93e928953531bb8b7bf488a1acef6c0184de960d3f44e339736aff9fbfce79e5
Red Hat Security Advisory 2019-1851-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and denial of service vulnerabilities.
00cb28c3b08208132229ebe8054a9b8c4d8f618c66fe74f2f57958cdfda7f4fd
Zurmo version 3.2.6 suffers from reflective cross site scripting vulnerabilities.
272981387eb4c7d4e4980aa8c49a60c1bd14b31aa8ee2ab333760b0df2eacec1
Yahei-PHP Prober version 0.4.7 (speed) suffers from a remote HTML injection vulnerability.
8b1bffb824058dcb7a5c1639547cb117aa34809316b2f941a0b2c3fc01014440
FreeBSD Security Advisory - If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.
ed0e020ba12b1dc01aa8d83590ac696a40d1fccad60067e1fb8300dfbb889466
Red Hat Security Advisory 2019-1852-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An incomplete fix for CVE-2019-1002101 was addressed.
c2b47e34d49807392fd550c9925a7fcd990d35fc8f3a2292d2097009020812e4
Ubuntu Security Notice 4073-1 - It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service.
01ea518490e9ca54bcdc4a67a0d42b41cdd557600790f8bdd7f0c9b3fd2c5984
FreeBSD Security Advisory - The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.
22ddae49f77be04a48b0ef2c715801539b562f34653337c23b52f4f5dfa1668b
FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to the relevant struct file which, due to a programming error, was not always put back, which in turn could be used to overflow the counter of the affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc. opened by processes owned by other users. If the obtained struct file represents a directory from outside of the user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root, they can obtain root privileges on the host system.
489c8ae54e5e9d5645a9286ff4c958fe29ebf8eb10cfad1509a4f8ce2b45cf9e
Trend Micro Deep Discovery Inspector suffers from a percent encoding IDS bypass vulnerability.
ec40e8e4c37ffcdffc52766b407c3f23886bf51afda9cc17f1e5746fa1ddd54b
Ubuntu Security Notice 4071-2 - USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
0b7c4a198db51cde30cce47cc6a0ae95e2c18bd207868b3dc0dab1fbed99adb0
FreeBSD Security Advisory - Due to insufficient initialization of memory copied to userland in the components listed above, small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.
0e0df08026cdde81c94f8a176b172a71c19e15379445944e64ecdd04b7315690
FreeBSD Security Advisory - The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail.
c20e2ba9892c896b4cdba0602e7caccb54edd10e2ab74a179baf8dc75414522d
Ubuntu Security Notice 4070-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
959176eb4c94921a33ff6997d4aac27b5b2619ea9f454ce8e1b171e35f9e1b56
Apple Security Advisory 2019-7-23-3 - iCloud for Windows 10.6 is now available and addresses code execution and cross site scripting vulnerabilities.
3ba30714719b00baca6259481a4bdfdefef12ce341e50648fc18c3d291519696
Tufin SecureChange uses Richfaces version 4.3.5 which suffers from a remote code execution vulnerability.
5f337d6d91cf5f5d0bc240b766525f3cc6b32105aaf6cf34e4c4de7124a9991c
Apple Security Advisory 2019-7-23-2 - iTunes for Windows 12.9.6 is now available and addresses code execution and cross site scripting vulnerabilities.
5b5d807d64b0dfb0586f4d295e67ecb8f10e14d1218c051ceb6b960ff5372731
Apple Security Advisory 2019-7-23-1 - iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.
5039fc8df73b1169b6a519048f0e7a714c303fc19b3d39a7aa2f6b757d1abc9c
Ovidentia version 8.4.3 suffers from a cross site scripting vulnerability.
734799c00c7a895ec1bfc570d83de3f1eccab1b2b66715089278ee5b39f75a57
This whitepaper is a technical analysis of BlueKeep with a path for exploitation.
ffdeadc2f367f61101c6ab776714306ed8c3b691ec3ec119b2210036e68722b9
Ubuntu Security Notice 4071-1 - It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
bb6be6ae6ab1c6d02ca25c70421ee7d9fb0267f22a1d62dae05ce539135a8dc1
Ovidentia version 8.4.3 suffers from a remote SQL injection vulnerability.
f243046f9355d0d590313f785bf796a155aa36652cf7d1ac356ad956d9739e0c
Red Hat Security Advisory 2019-1839-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
0a13367a5983baf5fd94b6e99fd1e90d4d62cd0e78706bd0f4e6b11c0feaa972
Red Hat Security Advisory 2019-1833-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. This update fixes various bugs and adds enhancements.
983ea931c7621104c1aa972f82be6812018d0337d9de311aa3b376963f662aad