FreeBSD Security Advisory - Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client. Inbound telnet sessions to telnetd(8) are not affected by this issue. These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1).
a289c2b38135f9f6339c9294178d141344dcea0087e3ea2bfa204b3700f119d5
Ubuntu Security Notice 4069-1 - It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
59868a26f79be380a03153a4ef3d8b3c9a12618231d06c2df1d94cb0bd3be8f3
WordPress Hybrid Composer plugin version 1.4.6 suffers from an unauthenticated configuration access vulnerability.
26db1d7c35ee5edb905075e3a14d1d9ddc5e8c47e9ee7f9411211033c28c5549
155-byte Linux/x86_64 wget Linux enumeration script shellcode.
76049b8c912e7e199162cc07c3a9da9c5df541bbf9d35e76533d43a9e5ad772c
MikroTik RouterOS versions prior to 6.44.5 and 6.45.1 suffer from stack and resource exhaustion vulnerabilities.
d3abfc481e4ff650ba817b959c8db1aeed9b4e0a9043efaf38c59c7dd9c780de
Ubuntu Security Notice 4068-2 - USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap ranges in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
0c4bf61b72468fcd59a246b2fd84f8d7a3793a8a497b643ce532083fd7e116b5
Red Hat Security Advisory 2019-1823-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.4.0 serves as an update to Red Hat Process Automation Manager 7.3.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
0905137bd94aa14fc0a8a175a67fcbcc5702cd7d6cccb18e2d7096e7c2569cd1
Red Hat Security Advisory 2019-1840-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
efe76a83a18f395a632251059095882c6835ea73f49af86d8e44dab14a216d65
Apple Security Advisory 2019-7-22-5 - tvOS 12.4 is now available and addresses code execution, cross site scripting, and use-after-free vulnerabilities.
a073d5ed8110ce510716aaf1b4327d7e54f250576137583621a10b137bdd1d21
Axway SecureTransport 5 suffers from an unauthenticated XML external entity injection vulnerability.
7ae144683e44ae643e28c83da54fe27287daee7e50a92c55a6932e7a99323e09
Apple Security Advisory 2019-7-22-2 - macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra are now available and address bypass, code execution, and use-after-free vulnerabilities.
06edb784a4752aa4a94e3f66afb745716e5fc85ffa3efeaa7239483824f55009
Cisco Wireless Controller version 3.6.10E suffers from a cross site request forgery vulnerability.
9d87c7999f6ffa9dd2fabd3fb997b5926a5fe0f4da7a6b3bc135f20fbdbf7946
Jira Server and Data Center products suffer from a template injection vulnerability. Many versions are affected.
0670cac056ef0706c3b99c0a9a1c4c8f0c94e902d675559fb791d7a7720b2d35
Ubuntu Security Notice 4068-1 - Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap ranges in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
02490b8df8309a7ab7a198abb51f67d20d6ceaf3205fe71ffb4771c1202d0d72
Apple Security Advisory 2019-7-22-3 - Safari 12.1.2 is now available and addresses code execution and cross site scripting vulnerabilities.
c8b84d4552cf4b56b6845cf0a2b4dbd7a126756a66dc3c156e7dbadaf2a2b959
Debian Linux Security Advisory 4487-1 - User "Arminius" discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved), which also affected the Neovim fork, an extensible editor focused on modern code and features.
c81f438b7fd400aee672d3c2ea89bf6ff929d6cd0199f2bb621e9a7fe546e09d
Novismart CMS suffers from a remote SQL injection vulnerability.
67108566d3d5d666ec0b70de576074ba1d4edcff1fca0b5b5705a217f32fd67c
Ubuntu Security Notice 4067-1 - It was discovered that Evince incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code.
1fb8a2dc32cdecc66cd7c878fa153a85ef5b71e36d8afa5d4af881d222a2a0e7
Apple Security Advisory 2019-7-22-4 - watchOS 5.3 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.
05143da45f0a4a4a85ef183b070438591e5fb6f8ce9f083e0deaf3fa0438537c
BACnet Stack version 0.8.6 suffers from a denial of service vulnerability.
a14fd5751f5725ff3f95639b94b6f4975db09b7879fa7b59efbb1b7252ee4996
Apple Security Advisory 2019-7-22-1 - iOS 12.4 is now available and addresses code execution, cross site scripting, denial of service, and use-after-free vulnerabilities.
98652db38a2c68e39ff0f8a5d43718e1f059313953f3baf2ab01cbbceebec0b7
Ubuntu Security Notice 4066-2 - USN-4066-1 fixed a vulnerability in libmspack. This update provides the corresponding update for ClamAV in Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information.
d135db86823ac76beaa2b812843872448f0a72b87d7214892af8351b025d4c4a
Red Hat Security Advisory 2019-1819-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
068033d7e9edf14c5097a42fbafb515202c54c98af6038f7bed416e8f3220b05
Red Hat Security Advisory 2019-1811-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
1f26352062bc0ee29c1b17bd8159dd573ce3ba39da8123d3bb174812831a8048
Red Hat Security Advisory 2019-1822-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.4.0 serves as an update to Red Hat Decision Manager 7.3.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
e4838bd134ac47cc3dcbea7ee7a598dc437cc3c7da9002aab9c7e22679fa53fd