
Operating System: Linux

Ubuntu Security Notice USN-3691-1
Posted Jun 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3691-1 - It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. Francesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815
MD5 | ae063cd3b9c6e04321f83b5de454d2e7
IPConfigure Orchid VMS 2.0.5 Directory Traversal / Information Disclosure
Posted Jun 21, 2018
Authored by Sanjiv Kawa | Site metasploit.com

Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. A remote, unauthenticated attacker can send crafted GET requests to the application and read arbitrary files outside of the application's web directory. The issue is compounded on Linux, where the Orchid Core VMS application runs in the context of a user in the sudoers group. As such, any file on the underlying system, for which the location is known, can be read. This Metasploit module was tested against 2.0.5. This has been fixed in 2.0.6.

tags | exploit, remote, web, arbitrary, file inclusion
systems | linux, windows
advisories | CVE-2018-10956
MD5 | 3e04a3dc073e0a19729151e34ab842cb
Slackware Security Advisory - gnupg Updates
Posted Jun 20, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-12020
MD5 | 5f95b683f49143b20ca8b521cb2f50ce
Debian Security Advisory 4232-1
Posted Jun 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4232-1 - This update provides mitigations for the "lazy FPU" vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU.

tags | advisory
systems | linux, debian
advisories | CVE-2018-3665
MD5 | a6b4e2a3380dbefdaab3f2a5274ae52b
Red Hat Security Advisory 2018-1954-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1954-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10841
MD5 | 1b453287b8ed5413c82d29332576df5c
Red Hat Security Advisory 2018-1955-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1955-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include an access control issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-10841
MD5 | 41b04df9b4a1d1057bf67e2f8a47b7bb
Ubuntu Security Notice USN-3690-1
Posted Jun 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3690-1 - Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-5715
MD5 | ae1e073f1e15a74b2954bb007e352225
Red Hat Security Advisory 2018-1957-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1957-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-11235
MD5 | 03093ce363c16c56dca16dd051bcd79d
Red Hat Security Advisory 2018-1932-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1932-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more. Issues addressed include buffer overflow and code execution vulnerabilities.

tags | advisory, overflow, shell, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2014-10072, CVE-2017-18206, CVE-2018-1083, CVE-2018-1100
MD5 | 7df45b65507cdbd916c317251f366d7a
Red Hat Security Advisory 2018-1927-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1927-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-1086
MD5 | 7112e04c59ef87b6bbc3e302c9a1745b
Red Hat Security Advisory 2018-1877-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1877-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. The ding-libs packages contain a set of libraries used by the System Security Services Daemon as well as other projects, and provide functions to manipulate file system path names, a hash table to manage storage and access time properties, a data type to collect data in a hierarchical structure, a dynamically growing, reference-counted array, and a library to process configuration files in initialization format into a library collection data structure. Issues addressed include an unsanitized input vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2017-12173
MD5 | 2b40fc9db63ce60127ed3d67d1de2764
Red Hat Security Advisory 2018-1883-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1883-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2018-1050
MD5 | 8269e528e88ef49981186fb4fe4be9ad
Red Hat Security Advisory 2018-1860-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1860-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2018-1050
MD5 | 4146ca026b00f147624a854db7da7ed8
Red Hat Security Advisory 2018-1929-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1929-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a resource exhaustion vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1064, CVE-2018-5748
MD5 | 6e803921daea584644384a9628e7c288
Red Hat Security Advisory 2018-1933-01
Posted Jun 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1933-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.87. Issues addressed include an out of bounds write vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-6149
MD5 | 05538d185f22d9fbeac4321c4128a5e9
Ubuntu Security Notice USN-3689-2
Posted Jun 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3689-2 - USN-3689-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-0495
MD5 | 1bcad9aa93b3aefd025d12f27a5427a7
Ubuntu Security Notice USN-3689-1
Posted Jun 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3689-1 - Keegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-0495
MD5 | 669d8760bbc286c2aa34f3be000a22d7
Ubuntu Security Notice USN-3688-1
Posted Jun 19, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3688-1 - Multiple memory safety issues were fixed in Spidermonkey. An attacker could potentially exploit these to cause a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-7810, CVE-2017-7826, CVE-2018-5089, CVE-2018-5125, CVE-2018-5150
MD5 | b4b407d424d805cebd29041d02ce7436
Gentoo Linux Security Advisory 201806-07
Posted Jun 19, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-7 - A vulnerability in Transmission could allow a remote attacker to execute arbitrary RPC commands. Versions less than 2.93 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-5702
MD5 | 363e09752d7859a754f442f0d640b45b
Gentoo Linux Security Advisory 201806-06
Posted Jun 19, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-6 - A vulnerability has been found in Chromium and Chrome that could allow a remote attacker to execute arbitrary code. Versions less than 67.0.3396.87 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2018-6149
MD5 | ef6f587086f28528b08b9773711c82e6
Gentoo Linux Security Advisory 201806-05
Posted Jun 19, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201806-5 - Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition. Versions less than 7.60.0 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000300, CVE-2018-1000301
MD5 | bb6b32c72590b5a3d9811a12c1d7386b
Red Hat Security Advisory 2018-1854-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1854-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2012-6701, CVE-2015-8830, CVE-2016-8650, CVE-2017-12190, CVE-2017-15121, CVE-2017-18203, CVE-2017-2671, CVE-2017-6001, CVE-2017-7308, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2018-1130, CVE-2018-3639, CVE-2018-5803
MD5 | 735a86a96b8c149318b97e23daba46be
Red Hat Security Advisory 2018-1944-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1944-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an information leakage vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-3665
MD5 | 769c10853b79201fff02e005e12ff082
Red Hat Security Advisory 2018-1879-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1879-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat, osx
advisories | CVE-2017-15670, CVE-2017-15804
MD5 | a1b7d783fcf7377a59aeaeab82f4881d
Red Hat Security Advisory 2018-1949-01
Posted Jun 19, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1949-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2018-10855
MD5 | d387dece9bedeed11922b58ec59682ee
© 2018 Packet Storm. All rights reserved.
