Ubuntu Security Notice 3703-1 - It was discovered that the Archive Zip module incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information.
31d7425a12327c23bb9d8f2a84bbc316Ubuntu Security Notice 3702-1 - It was discovered that PHP incorrectly handled exif tags in certain images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
91cf13f6abb86654377d8a466daabf9aDebian Linux Security Advisory 4239-1 - Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.
56086d082ca5d123804f4ef1df3e16f2Debian Linux Security Advisory 4238-1 - Several vulnerabilities have been discovered in Exiv2, a C++ library and a command line utility to manage image metadata which could result in denial of service or the execution of arbitrary code if a malformed file is parsed.
a420d05080680430bf4d1bf954fb1cfbUbuntu Security Notice 3701-1 - It was discovered that libsoup incorrectly handled certain cookie requests. An attacker could possibly use this to cause a denial of service.
b0c0579f7b3ca9e230cf94b9df86cbd0Ubuntu Security Notice 3700-1 - It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this to access sensitive information. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
f90e6188ca493c98ad04b286dcdd3824Apache PDFBox versions 1.8.0 through 1.8.14 and 2.0.0 through 2.0.10 suffer from a denial of service vulnerability.
5406ad0a860326fc8d216333b6555570Ubuntu Security Notice 3699-1 - It was discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code.
e1a866e78af6bf136d61080d383115a1Red Hat Security Advisory 2018-2123-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a man-in-the-middle vulnerability.
bbaaaf50fafda3cb30530deaac90bbd0Ubuntu Security Notice 3698-2 - USN-3698-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service. Various other issues were also addressed.
d99c9b1c8afb3fd3cbaf8db904a91c13Ubuntu Security Notice 3697-2 - It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
909cda7a29febac98e75c2d0765c11bbDebian Linux Security Advisory 4237-1 - Several vulnerabilities have been discovered in the chromium web browser.
1f3a8deb9c2129e5501e9f6a390ee7adUbuntu Security Notice 3696-2 - USN-3696-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
7232f498840627d5ecbea781d6ae2d03Ubuntu Security Notice 3697-1 - It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit Linux kernels did not properly initialize memory returned to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
54b7a600656fb446c5ec64068acbde8cUbuntu Security Notice 3698-1 - It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service. Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
79e62f3c9db29224ec902903f92f2bffUbuntu Security Notice 3696-1 - It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
85ebc7f68fdfd1ec62e89e89a7199622Ubuntu Security Notice 3695-1 - Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service. It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
1ab8575ad708cdc9ce2f92f0db75ae9fUbuntu Security Notice 3695-2 - USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
6208e9e136bfff7fc82ca98b30f85bdaMicrosoft Windows Kernel (win32k.sys) suffers from a local denial of service null pointer vulnerability in NtUserConsoleControl.
3fd18ac6710b6c0e6ed7b3cfb9170e55RSA Certificate Manager 6.9 contains a fix for a path traversal vulnerability that could potentially be exploited by malicious users to compromise the affected system. Affected versions include RSA Certificate Manager versions 6.9 build 560 through 6.9 build 564. Related CVE number: CVE-2018-11051.
cb86ed558d6ab052c2b1193c2d53c29dAn issue was discovered on D-Link DIR-890L A2 devices. Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.
214b3494230a0438d386a6419d414c81extjs versions prior to 6.6.0 suffer from a cross site scripting vulnerability.
6918d7270bd31d8743adad33428062bcDell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.
2e3f16624ae92fac275cc03abf77df09VMware Security Advisory 2018-0011.1 - Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud.
33528556c724e88878d3cddd9df431a0VMware Security Advisory 2018-0016 - VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities.
9e77b1bff964e74c1f3bb1b38b506d8d
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed