Twenty Year Anniversary
Showing 76 - 100 of 69,118 RSS Feed

Advisory Files

Ubuntu Security Notice USN-3783-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3783-1 - Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2018-11763, CVE-2018-1302, CVE-2018-1333
MD5 | 39a2a20007776652cad0090cdc05afc8
Debian Security Advisory 4310-1
Posted Oct 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4310-1 - Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-12386, CVE-2018-12387
MD5 | b88ceaa2ffe174a5b82e94d946d662e0
Ubuntu Security Notice USN-3778-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3778-1 - A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. A type confusion bug was discovered in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, javascript
systems | linux, ubuntu
advisories | CVE-2018-12385, CVE-2018-12386, CVE-2018-12387
MD5 | c62ea9beea2ef5ac1b71a02d553818db
VMware Security Advisory 2018-0024
Posted Oct 4, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0024 - VMware Workspace ONE Unified Endpoint Management Console (A/W Console) updates resolve SAML authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2018-6979
MD5 | d7ad13c09ca3a2acd2fbe2f92a903bba
Ubuntu Security Notice USN-3785-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3785-1 - Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, memory leak
systems | linux, ubuntu
advisories | CVE-2018-14434, CVE-2018-14437, CVE-2018-14551, CVE-2018-16323, CVE-2018-16640, CVE-2018-16642, CVE-2018-16643, CVE-2018-16644, CVE-2018-16645, CVE-2018-16749, CVE-2018-16750
MD5 | 21b59cbac0421b36e21afeb307c30831
Ubuntu Security Notice USN-3784-1
Posted Oct 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3784-1 - As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files. Additionally adjust the private-files, private-files-strict and user-files abstractions to disallow writes on parent directories of sensitive files.

tags | advisory
systems | linux, ubuntu
MD5 | d8709d5df4c0b50fb59316796b9aa3e5
Red Hat Security Advisory 2018-2868-01
Posted Oct 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2868-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 5.0, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8037
MD5 | c7ef7eab42953ebab1c816b029115ddf
Red Hat Security Advisory 2018-2867-01
Posted Oct 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2867-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 5.0, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2018-8037
MD5 | 4a60c4dfbc4ce4112d5fbd7c85c19701
Ubuntu Security Notice USN-3782-1
Posted Oct 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3782-1 - Henri Salo discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-12085, CVE-2018-17294
MD5 | 9a34ad0773c5d4ae726d218ab924dedd
Ubuntu Security Notice USN-3781-1
Posted Oct 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3781-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2018-4191, CVE-2018-4209, CVE-2018-4299, CVE-2018-4312, CVE-2018-4317, CVE-2018-4328
MD5 | b9204d5224fba5ea1f9e172cb10b6dda
Slackware Security Advisory - mozilla-firefox Updates
Posted Oct 3, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-12387
MD5 | 7f98aa721388c5dcd0fd1d76ab08d71a
PTC ThingWorx Password Disclosure / Cross Site Scripting
Posted Oct 3, 2018
Authored by M. Tomaselli | Site sec-consult.com

PTC ThingWorx suffers from cross site scripting and password disclosure vulnerabilities. Versions affected include 6.5 through 7.4, 8.0.x, 8.1.x, and 8.2.x.

tags | advisory, vulnerability, xss
advisories | CVE-2018-17216, CVE-2018-17217, CVE-2018-17218
MD5 | cf3dfdaedc433d702cffb055aaf2357a
Debian Security Advisory 4309-1
Posted Oct 2, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4309-1 - Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 (DSA-4305-1).

tags | advisory
systems | linux, debian
advisories | CVE-2018-17540
MD5 | da84be61cf0df9d48949f7771d2671b5
Gentoo Linux Security Advisory 201810-01
Posted Oct 2, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201810-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.2.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-16541, CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12381, CVE-2018-12383, CVE-2018-12385, CVE-2018-12386, CVE-2018-12387, CVE-2018-5125, CVE-2018-5127
MD5 | 2ed8115633bd219ec3b7e1781a6f664a
Ubuntu Security Notice USN-3780-1
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3780-1 - It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-14645
MD5 | e400503547d952ef6d1d0f348bfb3641
Ubuntu Security Notice USN-3779-1
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3779-1 - It was discovered that an integer overflow vulnerability existed in the Linux kernel when loading an executable to run. A local attacker could use this to gain administrative privileges. It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-14633, CVE-2018-14634
MD5 | 7dc63fa243368cb42248ea232b1e8a86
Red Hat Security Advisory 2018-2840-01
Posted Oct 2, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2840-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the References section below. Security fix: A-MQ Console: HTTPOnly and Secure attributes not set on cookies.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5183
MD5 | db2870696985d89adbb2105514cb030b
Red Hat Security Advisory 2018-2855-01
Posted Oct 2, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2855-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-18191
MD5 | b4f6ed34b733ef996f16dde828450861
Red Hat Security Advisory 2018-2857-01
Posted Oct 2, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2857-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools, which can be used to help deploy OpenStack. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2018-1000115
MD5 | 308fdb14dfd9c3b1cd49c526435d8b30
Ubuntu Security Notice USN-3777-2
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-2 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10853, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555
MD5 | 7ad405888628cb6f624337eff8a8f835
Ubuntu Security Notice USN-3777-1
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-1 - Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-10853, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555
MD5 | c89f1e278853e1551c8823435796499e
Ubuntu Security Notice USN-3776-2
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3776-2 - USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18216, CVE-2018-10902, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-16276, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555
MD5 | 756be1d516df5a9777a07b3fe8971a35
Ubuntu Security Notice USN-3776-1
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3776-1 - Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-18216, CVE-2018-10902, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-16276, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555
MD5 | 0fd4ffabf15eba8599f2deb0222a96ac
Ubuntu Security Notice USN-3775-2
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3775-2 - USN-3775-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-14633, CVE-2018-14634, CVE-2018-15572, CVE-2018-15594, CVE-2018-6554, CVE-2018-6555
MD5 | 5a7a476899f737bedb1f0ed9d8c748e4
Ubuntu Security Notice USN-3775-1
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3775-1 - It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-14633, CVE-2018-14634, CVE-2018-15572, CVE-2018-15594, CVE-2018-6554, CVE-2018-6555
MD5 | 47abfae12c36a61e3b7f5e7eebb52ed5
Page 4 of 2,765
Back23456Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close