reSIProcate version 1.10.2 suffers from a heap overflow vulnerability.
5c2be7bac5354f5c1cdfff544718f4c3man-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.
bca0e6274252ccbf0017f77e91d0f04eHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
e55a3235e87612b449cf2d9bc47a96edHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
e0c04565eb1fec521f55b5d25b235983CMS BUZZ version 2.9 suffers from a cross site scripting vulnerability.
3914dd04f55396a818c59fa0cff37941Ubuntu Security Notice 3732-2 - USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
802eb3abdd14bdadb5da2e1595870840FreeBSD Security Advisory - One of the data structures that holds TCP segments uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.
0bdd64abf1fb28bb2f9ee045a5e2a080WebKitGTK+ and WPE WebKit suffers from buffer overflow, code execution, and denial of service vulnerabilities.
62e067ffa9acced01f46f39957628987OpenEMR version 5.0.1.3 remote code execution exploit.
214119ee9c04f9480c280b81d78d0e9dUbuntu Security Notice 3733-1 - Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is vulnerable to a cache side-channel attack. A local attacker could use this attack to recover RSA private keys.
1e04040a0f99386a8b56262eec323ea2QNap QVR Client version 5.0.3.23100 suffers from a denial of service vulnerability.
281de684cf56ed58a2d37f60a71996c8VMware Security Advisory 2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.
b40331424283676a792f9c3b3bfd9373Red Hat Security Advisory 2018-2363-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
f39789c1cbfeacc275583986ae3ef016Debian Linux Security Advisory 4266-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
fd149235f5f3d7399795b4610222711dUbuntu Security Notice 3732-1 - Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service.
43c84ca28d83281850c44600f89423eeUbuntu Security Notice 3731-2 - USN-3731-1 fixed a vulnerability in LFTP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LFTP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
6381138d09500c7d91c40b39caea7b5bRed Hat Security Advisory 2018-2364-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. Issues addressed include a bypass vulnerability.
4ba2017bc1278237736dec4c2ebc3323cgit suffers from a directory traversal vulnerability in cgit_clone_objects().
f306e9c0fb056a4bc0fe47e73bb69b90Ubuntu Security Notice 3731-1 - It was discovered that LFTP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
a8de898a21fc0c7256fa96e9770dcf1bOCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
f671f8d4d1775a87dfdb4e245c86573aOpen-AudIT Community version 2.2.6 suffers from a cross site scripting vulnerability.
b63b5e92b84bb9d132ea06a01ab61ab9Dell EMC Data Protection Advisor, versions 6.4 through 6.5, contains a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.
66b403365b7c8ab139a4ef411025c4a5Ubuntu Security Notice 3730-1 - Matthias Gerstner discovered that LXC incorrectly handled the lxc-user-nic utility. A local attacker could possibly use this issue to open arbitrary files.
2d49f90b6beba33820201e89a4784c25Ubuntu Security Notice 3729-1 - It was discovered that libxcursor incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
fc34494033b154bb7345e72a057068beDebian Linux Security Advisory 4262-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.
9d90561cb123024abe81fc4647a6aff3
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed