Debian Linux Security Advisory 4409-1 - Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup.
d3a948ca8507d7cb3d99637b37eb392bDebian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
425b2b589d0ad63f13c2c1d76cedbb9eDebian Linux Security Advisory 4406-1 - Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.
17e85027c8b215cf2925edc737d2cdc5Debian Linux Security Advisory 4407-1 - Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.
38497d06e1832a59bcf2e4c1990dab40Debian Linux Security Advisory 4404-1 - Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.
f259f323229f50aeb91583a49ffac28bDebian Linux Security Advisory 4405-1 - Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, that could be leveraged to cause a denial of service or possibly remote code execution.
dd68b6adb0b142371c9fa559b22fea4aThis Metasploit module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy script can execute commands on the system via a [command].execute() call. Valid credentials for an application administrator user account are required. This module has been tested successfully with Liferay CE Portal Tomcat 7.1.2 ga3 on Debian 4.9.18-1kali1 system.
33b80d5984e6de063d95e67d2750f386This Metasploit module allows the execution of remote commands on the server by creating a malicious JSP file. Module has been tested successfully with OpenKM DM between 6.3.2 and 6.3.7 on Debian 4.9.18-1kali1 system. There is also the possibility of working in lower versions.
f97d3b6ff4fa56c863ac3cc8e4e6f499Debian Linux Security Advisory 4403-1 - Multiple security issues were found in PHP, a widely-used open source of invalid memory access and rename() was implemented insecurely.
512d17d8b9ec07892087caa22453d92fDebian Linux Security Advisory 4402-1 - It was discovered that insufficient restrictions in the connection handling of Mumble, a low latency encrypted VoIP client, could result in denial of service.
f1fce2881c6f151f5471305cc4dae616Debian Linux Security Advisory 4387-2 - It was found that a security update (DSA-4387-1) of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.
88cea46d231b8279eecaac5b7333b593Debian Linux Security Advisory 4401-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash.
05b43b33e20c2931702e4ba73c03a7c2Debian Linux Security Advisory 4398-1 - Multiple security issues were found in PHP, a widely-used open source accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record() function.
8c1bd1667e1294d949b291cba48d2f94Debian Linux Security Advisory 4400-1 - Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.
3ae403132ce04513055ca44d9713a40dDebian Linux Security Advisory 4399-1 - Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service.
ddd88cecf467bffd0d7c9d1ed2dd16b4Debian Linux Security Advisory 4397-1 - Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare() function of ldb, a LDAP-like embedded database, resulting in denial of service.
7e49bbc87f63e971fdd23fddb6bc4d3aDebian Linux Security Advisory 4395-2 - A regression was introduced in the previous chromium security update. The browser would always crash when launched in headless mode. This update fixes this problem.
cc946f6c1f560c4f209d64b0be55fa2dDebian Linux Security Advisory 4377-3 - The restrictions introduced in the security fix to address CVE-2019-1000018 also disallowed the -pf and -pt options which are used by the scp support in libssh2. This update restores support for those.
9cd4fbf3a326b0f62854a4c5892625c8Debian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.
e731970af38b8a949348da84d1ee14ecDebian Linux Security Advisory 4395-1 - Several vulnerabilities have been discovered in the chromium web browser.
0061c54a4714f406f941325fe4f93029Debian Linux Security Advisory 4394-1 - Multiple security issues were found in the rdesktop RDP client, which could result in denial of service, information disclosure and the execution of arbitrary code.
38e1585e6d210be9088a344d9a654c2eDebian Linux Security Advisory 4393-1 - Chris Coulson discovered a flaw in systemd leading to denial of service. An unprivileged user could take advantage of this issue to crash PID1 by sending a specially crafted D-Bus message on the system bus.
8a2de98f5a49a4f8f6f29e078bc82bb3Debian Linux Security Advisory 4388-2 - Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue.
ef0a0b730868dfb57d273ff6d6fd0ca5Debian Linux Security Advisory 4392-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.
72eb49943de47e780e6bb6cc43b13415Debian Linux Security Advisory 4391-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
ae5044944624c06ea62f2b3d6e4c4b75
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed