Silver Peak EdgeConnect version 8.1.4.9_65644 suffers from brute force, information leakage, cross site request forgery, cross site scripting, denial of service, default SNMP community string, and path traversal vulnerabilities.
e4ddd8331675dc38b057e9a9e7378699Debian Linux Security Advisory 4276-1 - Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.
84275deef406d84c7f82d6c07a2ae031Red Hat Security Advisory 2018-2486-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.
4ed8879f71a593f7de2299931bf8ea6fRed Hat Security Advisory 2018-2439-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a silly amount of unspecified vulnerabilities.
37b1f1d1280149862b03b5c7a5432951Pimcore versions 5.2.3 and below suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
d808a938be664e7caf308aa18e9de8b5Red Hat Security Advisory 2018-2435-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.154. Issues addressed include bypass and information leakage vulnerabilities.
1ade2950ca8e91daf2400b4965357ff9OpenEMR version 5.0.1.3 suffers from arbitrary file read, write, and delete vulnerabilities.
8c5ed52e9a7bf67bc17c83f353a1e80fRed Hat Security Advisory 2018-2423-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.
9843df3e66ede978c76604198232e007Red Hat Security Advisory 2018-2424-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.
e475746c5e8e9707f900b45689524423Red Hat Security Advisory 2018-2428-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.4 serves as a replacement for Red Hat Single Sign-On 7.2.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.
b7f5e94b3fe341dd249dd5e53290aa95Red Hat Security Advisory 2018-2425-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.
be58e752dc451b593fcfa44af7aa47b1Ubuntu Security Notice 3742-2 - USN-3742-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.
8765eb216afec68e03e4729f603e2423Ubuntu Security Notice 3741-2 - USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.
a0d39dbb79e2f19019b21e3f47cfbceeUbuntu Security Notice 3740-2 - USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.
af22cc41875cbf38e938fba21964205aRed Hat Security Advisory 2018-2395-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.
dd0004dd825e5ff2095aeec5aa67d5fbRed Hat Security Advisory 2018-2405-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Security fix: undertow: Client can use bogus uri in Digest authentication spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code Issues addressed include bypass, deserialization, and file disclosure vulnerabilities.
fcabf1b9ef2071fef346c21156d2e61cRed Hat Security Advisory 2018-2384-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.
dced325f9f28c5902430e74c00b89b10Red Hat Security Advisory 2018-2390-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.
f607a3b41764ef32fcaa2cc5d8d10a54Debian Linux Security Advisory 4271-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
2af05a2b97ffe360a280e8abf1ef54c4Yubico version 0.1.9 libykneomgr suffers from out of bounds read and write vulnerabilities.
18095da83af4eeb2ebecbbde25a9bb78Attackers with local access can exploit security issues in the smartcard driver. These result in memory corruptions, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to login to the system without valid credentials as any user.
ecc75d2e3e4e765c8de7001179ad0ec1On August 14, fixes for CVE-2018-3620 and CVE-2018-3646 were released into the Ubuntu Xenial and Bionic kernels. These CVEs are security vulnerabilities caused by flaws in the design of speculative execution hardware in the computer's CPU. Researchers discovered that memory present in the L1 data cache of an Intel CPU core may be visible to other processes running on the same core.
dfbdb00734352df26fe57ac4d26bfeacASUSTOR NAS ADM version 3.1.0 suffers from code execution and remote SQL injection vulnerabilities.
2cbb9fa8f1740ec14856c26142f6ffd4Red Hat Security Advisory 2018-2373-01 - The redhat-certification package provides partners with a unified web-based user interface to certify their products for use on Red Hat Infrastructure. It can currently be used in the latest releases of Red Hat Certified Cloud and Service Provider Certification, Red Hat OpenStack Certification and Red Hat Hardware Certification Programs. Issues addressed include writeable and downloadable file vulnerabilities.
9011f0406b503eef4d0a261e2e5b7cb2fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
5b5850ab8684ce0bdf52ef400a83065c
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed