Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.
b13871247b7cf82557cf72c3c2ec0aa3Red Hat Security Advisory 2018-2731-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.
8d40cb7f1ced83a4f4b7bd544cba91fdRed Hat Security Advisory 2018-2732-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include buffer overflow and denial of service vulnerabilities.
863d33eb921de55d54e521471f3d6064Ubuntu Security Notice 3769-1 - It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service.
264b44ce038373718e871ebf65478accManageEngine OPManager version 12.3 suffers from a remote SQL injection vulnerability.
2038e67567ecd2a777571f2252fa6b92Ubuntu Security Notice 3766-2 - USN-3766-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
a6da1b13303103e6972312ac2ca98410Ubuntu Security Notice 3768-1 - Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.
d71aa36db910f03a65299778962f6b01CA Release Automation NiMi version 6.5 suffers from a remote command execution vulnerability.
ff45e0057873b44374cc8a9edbcfabbdMoodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote php unserialize code execution vulnerability.
4230dd49813d98f84c6358427e417b39Ubisoft Uplay Desktop Client version 63.0.5699.0 suffers from a remote code execution vulnerability.
da07192d34e92e6da201a74d92766b6dUbuntu Security Notice 3722-6 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
ec7521f93e9159072a1a7b2ea975f236Ubuntu Security Notice 3766-1 - It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
13f0348bda82b5ca1eba85e0d5b724d6Ubuntu Security Notice 3722-5 - USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
d68dff56e88be3c2285c478118e4ff05WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
7d535ca7853080a8b831de38f014cd8aJoomla JCK Editor version 6.4.4 suffers from a remote SQL injection vulnerability.
bb4dcc781bf8291fcb89bca0e79c2be7Lone Wolf loadingDOCS allows remote attackers the ability to download confidential files via simply incrementing a value.
8cda6410750f939b9cd093860696d293Apache Syncope version 2.7 suffers from a remote code execution vulnerability.
3b2923f2352be61e2ec76c16f860726cWatchguard AP100/AP102/AP200 version 1.2.9.15 suffers from a remote code execution vulnerability.
72c4e1b8e713ea2450edc6acb51612d5WordPress Survey and Poll plugin version 1.5.7.3 suffers from a remote SQL injection vulnerability.
ec78593c5c35b39a6cdcccb35f3b890fApache Portals Pluto version 3.0.0 suffers from a remote code execution vulnerability.
43bf56e9644df59a9f07191ff83eb0cfTor Browser versions prior to 8.0 are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.
cf495bd49850c516bb8103c472dcfa4dIBM Identity Governance and Intelligence versions 5.2.3.2 and 5.2.4 suffer from a remote SQL injection vulnerability.
143ea4633be11aadac7f92dae35cfe22Ubuntu Security Notice 3763-1 - Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service.
67c8344e6ac27fd52905ff9715d385a4Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
84497a248f49ed42c344612501bae934Easy File Sharing Web Server version 6.9 POST msg.ghp UserID remote buffer overflow SEH exploit with DEP bypass and ROP.
b31f7c399d1e719caf9218f318385547
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed