Ubuntu Security Notice 3774-1 - It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code.
fd3e961b1e177ab4aee967a666727b35Debian Linux Security Advisory 4308-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
a1995d1e6eb105061c1bda57627f1054Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
148e251d9ddfd0423ac5e26fca7cc59aA flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
40fda4c2a16f2e00046340df84539054It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
7ee90d03763dd9d1bf3d0ff765a7bab3Red Hat Security Advisory 2018-2837-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.
9e09c8f83771273500cc9d41fa1d98f5Red Hat Security Advisory 2018-2838-01 - ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Issues addressed include code execution and privilege escalation vulnerabilities.
83bb53084d2d734cdf0373a138ada6daUbuntu Security Notice 3769-2 - USN-3769-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Bind incorrectly handled the deny-answer- aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
370e86743a28c073a6434d3ab804b00bUbuntu Security Notice 3773-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.
66d7dd75858c2507bc4d9c78964b1c62WebKitGTK+ and WPE WebKit suffers from code execution and assertion vulnerabilities.
ad55a7e2b216d2b0a62e4e888a704435Debian Linux Security Advisory 4307-1 - to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.
acf1f4f8778776ac275f78fc6fabea12Dell EMC Unity requires an update to address an Incorrect File Permissions vulnerability with multiple files. This vulnerability may potentially be exploited by malicious local users to compromise the affected system. Dell EMC Unity Operating Environment (OE) versions 4.3.0.x and 4.3.1.x and Dell EMC UnityVSA Operating Environment (OE) versions 4.3.0.x and 4.3.1.x are affected.
938d0e334e16f3d61be4cc3ffcb624ffDebian Linux Security Advisory 4306-1 - Multiple security issues were discovered in Python: ElementTree failed to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.
59ac7d08f42ae08ee8581f5c3f9f8e4eUbuntu Security Notice 3719-3 - USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly applied to the packaging for Mutt in Ubuntu 16.04 LTS. This update corrects the oversight. It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.
c5de7c36c1c7844cd0a691144c17c95dSkype on Debian automatically installs apt configuration that adds Microsoft's apt repo to the system's package sources. That way, Microsoft (or anybody holding their repo's private key) can easily inject malicious packages via regular update and replace distro packages w/ their own manipulated ones.
29907a8788a851294654cf6bba1d66acRed Hat Security Advisory 2018-2835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.
8f9c83d61cb277d76f94999c085df60bRed Hat Security Advisory 2018-2834-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Issues addressed include a crash.
b69b990087b2042ffe81272b960516abRed Hat Security Advisory 2018-2822-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a buffer overflow vulnerability.
1677bdde8f0e5bc598d02229208feb61Red Hat Security Advisory 2018-2826-01 - Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Issues addressed include a code execution vulnerability.
68d78740d4e091cea9d2b974a51f106cRed Hat Security Advisory 2018-2825-01 - Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Issues addressed include a code execution vulnerability.
7cd8146c3ec61901eb3a054b2a7a3399Red Hat Security Advisory 2018-2745-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Issues addressed include code execution and traversal vulnerabilities.
71d921baf1c377550682429bed433a41Ubuntu Security Notice 3772-1 - It was discovered that UDisks incorrectly handled format strings when logging. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information.
d24bffacaa4e7d3682c8398bbd27b95dRed Hat Security Advisory 2018-2818-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.100. Issues addressed include a signature mismatch.
74028d113271274ad3d47ad40021870aRed Hat Security Advisory 2018-2654-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.173.0.130. Issues addressed include a crash.
6fd727ab1f638495671391e1d40f3d13Red Hat Security Advisory 2018-2785-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.
b0f2102ce191b6ffb6d113c1478432d1
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed