Twenty Year Anniversary
Showing 101 - 125 of 69,118 RSS Feed

Advisory Files

Ubuntu Security Notice USN-3774-1
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3774-1 - It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-17540
MD5 | fd3e961b1e177ab4aee967a666727b35
Debian Security Advisory 4308-1
Posted Oct 2, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4308-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2018-10902, CVE-2018-10938, CVE-2018-13099, CVE-2018-14609, CVE-2018-14617, CVE-2018-14633, CVE-2018-14678, CVE-2018-14734, CVE-2018-15572, CVE-2018-15594, CVE-2018-16276, CVE-2018-16658, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555, CVE-2018-7755, CVE-2018-9363, CVE-2018-9516
MD5 | a1995d1e6eb105061c1bda57627f1054
Ivanti Workspace Control UNC Path Data Security Bypass
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, bypass
MD5 | 148e251d9ddfd0423ac5e26fca7cc59a
Ivanti Workspace Control Registry Stored Credentials
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, local, registry
systems | windows
MD5 | 40fda4c2a16f2e00046340df84539054
Ivanti Workspace Control Named Pipe Privilege Escalation
Posted Oct 1, 2018
Authored by Yorick Koster, Securify B.V.

It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.

tags | advisory, arbitrary, local
MD5 | 7ee90d03763dd9d1bf3d0ff765a7bab3
Red Hat Security Advisory 2018-2837-01
Posted Oct 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2837-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-14649
MD5 | 9e09c8f83771273500cc9d41fa1d98f5
Red Hat Security Advisory 2018-2838-01
Posted Oct 1, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2838-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.

tags | advisory, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-14649
MD5 | 83bb53084d2d734cdf0373a138ada6da
Ubuntu Security Notice USN-3769-2
Posted Oct 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3769-2 - USN-3769-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bind incorrectly handled the deny-answer- aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-5740
MD5 | 370e86743a28c073a6434d3ab804b00b
Ubuntu Security Notice USN-3773-1
Posted Oct 1, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3773-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-16510
MD5 | 66d7dd75858c2507bc4d9c78964b1c62
WebKitGTK+ / WPE WebKit Code Execution / Assertion Failures
Posted Oct 1, 2018
Authored by WebKitGTK+ Team

WebKitGTK+ and WPE WebKit suffers from code execution and assertion vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2018-4191, CVE-2018-4197, CVE-2018-4207, CVE-2018-4208, CVE-2018-4209, CVE-2018-4210, CVE-2018-4212, CVE-2018-4213, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361
MD5 | ad55a7e2b216d2b0a62e4e888a704435
Debian Security Advisory 4307-1
Posted Sep 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4307-1 - to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2017-1000158, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647
MD5 | acf1f4f8778776ac275f78fc6fabea12
Dell EMC Unity Family 4.3.0.x / 4.3.1.x Incorrect File Permissions
Posted Sep 28, 2018
Site emc.com

Dell EMC Unity requires an update to address an Incorrect File Permissions vulnerability with multiple files. This vulnerability may potentially be exploited by malicious local users to compromise the affected system. Dell EMC Unity Operating Environment (OE) versions 4.3.0.x and 4.3.1.x and Dell EMC UnityVSA Operating Environment (OE) versions 4.3.0.x and 4.3.1.x are affected.

tags | advisory, local
advisories | CVE-2018-11064
MD5 | 938d0e334e16f3d61be4cc3ffcb624ff
Debian Security Advisory 4306-1
Posted Sep 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4306-1 - Multiple security issues were discovered in Python: ElementTree failed to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647
MD5 | 59ac7d08f42ae08ee8581f5c3f9f8e4e
Ubuntu Security Notice USN-3719-3
Posted Sep 28, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3719-3 - USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-14349, CVE-2018-14353, CVE-2018-14357, CVE-2018-14358, CVE-2018-14362
MD5 | c5de7c36c1c7844cd0a691144c17c95d
Skype On Debian Microsoft Apt Repo Addition
Posted Sep 28, 2018
Authored by Enrico Weigelt

Skype on Debian automatically installs apt configuration that adds Microsoft's apt repo to the system's package sources. That way, Microsoft (or anybody holding their repo's private key) can easily inject malicious packages via regular update and replace distro packages w/ their own manipulated ones.

tags | advisory
systems | linux, debian
MD5 | 29907a8788a851294654cf6bba1d66ac
Red Hat Security Advisory 2018-2835-01
Posted Sep 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12383, CVE-2018-12385
MD5 | 8f9c83d61cb277d76f94999c085df60b
Red Hat Security Advisory 2018-2834-01
Posted Sep 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2834-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-12383, CVE-2018-12385
MD5 | b69b990087b2042ffe81272b960516ab
Red Hat Security Advisory 2018-2822-01
Posted Sep 28, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2822-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-11806
MD5 | 1677bdde8f0e5bc598d02229208feb61
Red Hat Security Advisory 2018-2826-01
Posted Sep 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2826-01 - Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Issues addressed include a code execution vulnerability.

tags | advisory, web, perl, code execution
systems | linux, redhat
advisories | CVE-2011-2767
MD5 | 68d78740d4e091cea9d2b974a51f106c
Red Hat Security Advisory 2018-2825-01
Posted Sep 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2825-01 - Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Issues addressed include a code execution vulnerability.

tags | advisory, web, perl, code execution
systems | linux, redhat
advisories | CVE-2011-2767
MD5 | 7cd8146c3ec61901eb3a054b2a7a3399
Red Hat Security Advisory 2018-2745-01
Posted Sep 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2745-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Issues addressed include code execution and traversal vulnerabilities.

tags | advisory, web, vulnerability, code execution, ruby
systems | linux, redhat
advisories | CVE-2018-10905, CVE-2018-3760
MD5 | 71d921baf1c377550682429bed433a41
Ubuntu Security Notice USN-3772-1
Posted Sep 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3772-1 - It was discovered that UDisks incorrectly handled format strings when logging. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2018-17336
MD5 | d24bffacaa4e7d3682c8398bbd27b95d
Red Hat Security Advisory 2018-2818-01
Posted Sep 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2818-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.100. Issues addressed include a signature mismatch.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-17458, CVE-2018-17459
MD5 | 74028d113271274ad3d47ad40021870a
Red Hat Security Advisory 2018-2654-01
Posted Sep 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2654-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.173.0.130. Issues addressed include a crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-14632
MD5 | 6fd727ab1f638495671391e1d40f3d13
Red Hat Security Advisory 2018-2785-01
Posted Sep 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2785-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-10675, CVE-2018-5390, CVE-2018-5391
MD5 | b0f2102ce191b6ffb6d113c1478432d1
Page 5 of 2,765
Back34567Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close