Ubuntu Security Notice 3591-1 - James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.
3b9c5f6dfb0058d9e800a5339c271172Red Hat Security Advisory 2018-0414-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: 389-ds-base: remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in collate.c 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c.
6911139227365a53604641748be0ba4fDebian Linux Security Advisory 4128-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.
9f749e62dd2b900735379f6dff507029Ubuntu Security Notice 3588-1 - Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service. It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service attack.
d801359fde7a431a2661008a3f1439a6Ubuntu Security Notice 3587-1 - It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.
d950c50445bd3f0c41053e96a325ea91Ubuntu Security Notice 3575-2 - USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
8897bd653068b95fd874eb483496b3a5CloudMe Sync version 1.9.2 remote buffer overflow exploit. Tested on Win7 32b SP1.
0aad6d2a48bef8836345a0cdb5dad99cTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
a8b8b3db93f87a5c061109dbd8cd5309OTRS versions 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1 suffer from remote code execution vulnerabilities.
ac1bc6a06bf339a083573a1b4efc681cTestLink Open Source Test Management versions prior to 1.9.16 suffer from a remote code execution vulnerability.
40910cbcf1e8ab75e88a90a24e42fce2Ubuntu Security Notice 3586-1 - Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that the DHCP server incorrectly handled socket descriptors. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
08aea38d77f392f613434bd52973ae94HP Security Bulletin MFSBGN03794 2 - A potential security vulnerabilities has been identified in Micro Focus Operations Agent. The vulnerabilities could be remotely exploited to Remote Disclosure of Information. At this time Micro Focus Alarm Manager uses a vulnerable encryption infrastructure. Revision 2 of this advisory.
afc9e132384c032fbf6de68ca14bef89Red Hat Security Advisory 2018-0378-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.
91a96a35a620b9a34ddbe39a2533462cRed Hat Security Advisory 2018-0374-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Ansible Tower helps you scale IT automation, manage complex deployments and speed productivity. Centralize and control your IT infrastructure with a visual dashboard, role-based access control, job scheduling, integrated notifications and graphical inventory management. And Ansible Tower's REST API and CLI make it easy to embed Ansible Tower into existing tools and processes.
79b810e5c79927718ca56efc4f153d5eClipBucket versions prior to 4.0.0 Release 4902 suffer from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
5f01efc19d73b84eb391886d4efcadc7HP Security Bulletin HPESBHF03826 1 - A security vulnerability in HPE Integrated Lights-Out 3 (iLO 3) allows remote Denial of Service (DoS). Revision 1 of this advisory.
c56a899cce863475c8fa1639c39cb897School Management Script version 3.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d390ad349e460d35d8493fd77e7a9e2dSchools Alert Management Script version 2.0.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
5561cbf81e24d93f4a84037f9c7eb310Ubuntu Security Notice 3584-1 - Gabriel Corona discovered that sensible-utils incorrectly validated strings when launcher a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code.
0a5ec8a052d4762e3e8d7d30c9d77f5cCMS Made Simple version 2.1.6 suffers from a remote code execution vulnerability during install time.
374dbe5800d06fa2269f4be2af82aedbThe Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
9073336d6b6993677a5214631dc914edJoomla! OS Property Real Estate component version 3.12.7 suffers from a remote SQL injection vulnerability.
10c1e12862bd58e0615a8e888d05f32dJoomla! Proclaim component version 9.1.1 suffers from a remote shell upload vulnerability.
e4b3f4730e22f3b7318737ee5628509eJoomla! CheckList component version 1.1.1 suffers from a remote SQL injection vulnerability.
da40a67229d8a2554d96e24e8dd85c27Joomla! Alexandria Book Library component version 3.1.2 suffers from a remote SQL injection vulnerability.
7cc1ce6165302e8abb336073f066c668
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed