FreeBSD Security Advisory - Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client. Inbound telnet sessions to telnetd(8) are not affected by this issue. These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1).
a289c2b38135f9f6339c9294178d141344dcea0087e3ea2bfa204b3700f119d5Ubuntu Security Notice 4069-1 - It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
59868a26f79be380a03153a4ef3d8b3c9a12618231d06c2df1d94cb0bd3be8f3WordPress Hybrid Composer plugin version 1.4.6 suffers from an unauthenticated configuration access vulnerability.
26db1d7c35ee5edb905075e3a14d1d9ddc5e8c47e9ee7f9411211033c28c5549155 bytes small Linux/x86_64 wget Linux enumeration script shellcode.
76049b8c912e7e199162cc07c3a9da9c5df541bbf9d35e76533d43a9e5ad772cMikrotik RouterOS versions prior to 6.44.5 and 6.45.1 suffer from stack and resource exhaustion vulnerabilities.
d3abfc481e4ff650ba817b959c8db1aeed9b4e0a9043efaf38c59c7dd9c780deUbuntu Security Notice 4068-2 - USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap ranges in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
0c4bf61b72468fcd59a246b2fd84f8d7a3793a8a497b643ce532083fd7e116b5Red Hat Security Advisory 2019-1823-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.4.0 serves as an update to Red Hat Process Automation Manager 7.3.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
0905137bd94aa14fc0a8a175a67fcbcc5702cd7d6cccb18e2d7096e7c2569cd1Red Hat Security Advisory 2019-1840-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
efe76a83a18f395a632251059095882c6835ea73f49af86d8e44dab14a216d65Apple Security Advisory 2019-7-22-5 - tvOS 12.4 is now available and addresses code execution, cross site scripting, and use-after-free vulnerabilities.
a073d5ed8110ce510716aaf1b4327d7e54f250576137583621a10b137bdd1d21Axway SecureTransport 5 suffers from an unauthenticated XML external entity injection vulnerability.
7ae144683e44ae643e28c83da54fe27287daee7e50a92c55a6932e7a99323e09Apple Security Advisory 2019-7-22-2 - macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra are now available and address bypass, code execution, and use-after-free vulnerabilities.
06edb784a4752aa4a94e3f66afb745716e5fc85ffa3efeaa7239483824f55009Cisco Wireless Controller version 3.6.10E suffers from a cross site request forgery vulnerability.
9d87c7999f6ffa9dd2fabd3fb997b5926a5fe0f4da7a6b3bc135f20fbdbf7946Jira Server and Data Center products suffer from a template injection vulnerability. Many versions are affected.
0670cac056ef0706c3b99c0a9a1c4c8f0c94e902d675559fb791d7a7720b2d35Ubuntu Security Notice 4068-1 - Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap ranges in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
02490b8df8309a7ab7a198abb51f67d20d6ceaf3205fe71ffb4771c1202d0d72Apple Security Advisory 2019-7-22-3 - Safari 12.1.2 is now available and addresses code execution and cross site scripting vulnerabilities.
c8b84d4552cf4b56b6845cf0a2b4dbd7a126756a66dc3c156e7dbadaf2a2b959Debian Linux Security Advisory 4487-1 - User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features.
c81f438b7fd400aee672d3c2ea89bf6ff929d6cd0199f2bb621e9a7fe546e09dNovismart CMS suffers from a remote SQL injection vulnerability.
67108566d3d5d666ec0b70de576074ba1d4edcff1fca0b5b5705a217f32fd67cUbuntu Security Notice 4067-1 - It was discovered that Evince incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.
1fb8a2dc32cdecc66cd7c878fa153a85ef5b71e36d8afa5d4af881d222a2a0e7Apple Security Advisory 2019-7-22-4 - watchOS 5.3 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.
05143da45f0a4a4a85ef183b070438591e5fb6f8ce9f083e0deaf3fa0438537cBACnet Stack version 0.8.6 suffers from a denial of service vulnerability.
a14fd5751f5725ff3f95639b94b6f4975db09b7879fa7b59efbb1b7252ee4996Apple Security Advisory 2019-7-22-1 - iOS 12.4 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.
98652db38a2c68e39ff0f8a5d43718e1f059313953f3baf2ab01cbbceebec0b7Ubuntu Security Notice 4066-2 - USN-4066-1 fixed a vulnerability in libmspack. This update provides the corresponding update for ClamAV in Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information.
d135db86823ac76beaa2b812843872448f0a72b87d7214892af8351b025d4c4aRed Hat Security Advisory 2019-1819-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
068033d7e9edf14c5097a42fbafb515202c54c98af6038f7bed416e8f3220b05Red Hat Security Advisory 2019-1811-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
1f26352062bc0ee29c1b17bd8159dd573ce3ba39da8123d3bb174812831a8048Red Hat Security Advisory 2019-1822-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.4.0 serves as an update to Red Hat Decision Manager 7.3.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
e4838bd134ac47cc3dcbea7ee7a598dc437cc3c7da9002aab9c7e22679fa53fd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed