Ubuntu Security Notice 4065-1 - It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. Various other issues were also addressed.
4f76b96ab8a7b06f1886fa584c06000cUbuntu Security Notice 4064-1 - A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting attacks, spoof origin attributes, or execute arbitrary code. Various other issues were also addressed.
f7be91863a97abc792600ed7d274b78dUbuntu Security Notice 4063-1 - Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. Various other issues were also addressed.
5c4a3cb496c551255388e2750ed2e624Ubuntu Security Notice 4061-1 - It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code.
8b3193b03bab1bc31716f1268177203eDebian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
98a6d07eeef8d662beb2fa0f236cb9d3Ubuntu Security Notice 4055-1 - Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. Various other issues were also addressed.
797b140c1d1b3f14e7a806b02c5bfedbRed Hat Security Advisory 2019-1774-01 - Vim is an updated and improved version of the vi editor. An arbitrary command execution vulnerability has been addressed.
1317e257c8088f1778bfcb6c002f50ebUbuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.
8ea6959ed7ac020d5ddd786544d68258This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and password are passed to htpasswd in a call to system() without validation. This module has been tested successfully on Xymon version 4.3.10 on Debian 6.
5d1fdb4c7a1abc1fbc3c13a84a4a2eefDebian Linux Security Advisory 4480-1 - Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.
e5f6048460ebffda11af0a60dbde63a3Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
1e90e6a1c90fc8275f2fadb11f5d1fc8Red Hat Security Advisory 2019-1762-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An arbitrary file read/execution vulnerability was addressed.
e0b1a1c7d0875a0dcb56e2bf48d61d44Debian Linux Security Advisory 4478-1 - Two vulnerabilities were discovered in the DOSBox emulator, which could result in the execution of arbitrary code on the host running DOSBox when running a malicious executable in the emulator.
d2099dfe1b04d9593f8a45054f2331ddUbuntu Security Notice 4051-2 - USN-4051-1 fixed a vulnerability in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Various other issues were also addressed.
733b6aa2acd3d9fb477fc75c12b7e718Ubuntu Security Notice 4051-1 - Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report.
23144505a813252b7919bf5f1a86185fDebian Linux Security Advisory 4477-1 - Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled, can take advantage of this flaw to cause a denial of service or the execution of arbitrary code.
0975c0781cc125d9675f4d734f053aabUbuntu Security Notice 4050-1 - It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code.
4d685491f2c5137cd9958f8dbcb03095Ubuntu Security Notice 4048-1 - Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root.
871c67e67ab749e19e22393b83603276Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
2bd84aa0b859d4eb5b1a69ff91efea19Ubuntu Security Notice 4047-1 - Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.
958c7958a85b06e378fab329bef5e1eaUbuntu Security Notice 4046-1 - It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. It was discovered that Irssi incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
1dfe43f222e448ed9f244002ac7dbb22Ubuntu Security Notice 4038-4 - USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
d260322e9cd039be6d169d4bf7459ec9Ubuntu Security Notice 4038-3 - USN-4038-1 fixed a vulnerability in bzip2. The update introduced a regression causing bzip2 to incorrect raises CRC errors for some files. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
66af3c08c662baf1ba782281363a0d52Ubuntu Security Notice 4045-1 - A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbitrary code. It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code. Various other issues were also addressed.
9fa133151559c278017a960cc0132070Red Hat Security Advisory 2019-1683-01 - openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI. An issue existed where openstack-tripleo-common allowed running new amphorae based on arbitrary images.
000b36778e35e0340bbc4cb0ca78a977
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed