Red Hat Security Advisory 2019-0374-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.
db823f1f9ba67018af64f3fbc3ef4353Red Hat Security Advisory 2019-0366-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes and enhancements. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.
677751d5be68a0a89b505b85b6621cfdQuest NetVault Backup Server versions prior to 11.4.5 suffer from process manager service SQL injection and remote code execution vulnerabilities.
4f000d15da674df9aa20ea5e062d99c2Ubuntu Security Notice 3866-2 - USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
77dd6ff7d1ee5ef8a4e5f5a8cfca6724WordPress Village theme version 5.0 suffers from cross site request forgery, backdoor access, and remote SQL injection vulnerabilities.
61b6dad4e62244a4d5b8f34bc2aebc83Joomla AdsManager component version 3.2.0 suffers from cross site request forgery, database disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
5564752e65defdfd7b0020bd14875166Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities.
0f5f5a0a0c1393716974e1621adf95adTeracue ENC-400 suffers from hard-coded credential, missing authentication, and command injection vulnerabilities.
95463864b7547c7635d21323e2319460Kanboard version 1.2.7 contains multiple vulnerabilities. The vulnerabilities include CSV account import cross site request forgery which allows an unauthenticated attacker to create a new administrative user. Cross site request forgery 2FA deactivation, allowing an unauthenticated attacker to disable an account's 2FA configuration. A lack of integrity checking or transport layer encryption enforced on plugins enables remote code execution by a malicious admin. Other vulnerabilities include: session privilege retention, 2FA bypass, database user_id and pre-2FA information disclosure.
df69e7e6f136931b8bc524474d232e12Debian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.
e731970af38b8a949348da84d1ee14ecRed Hat Security Advisory 2019-0373-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.
aba5ff454a0a9d1052dd0d696c042c09WordPress WooCommerce plugin with GloBee cryptocurrency payment gateway versions 1.1.1 and below suffer from payment bypass and unauthorized order status spoofing vulnerabilities.
a070536b50a013c2522b2ed38c52ccccTypo3 CMS Realty Manager tx_realty_pi1 version 2.0.0 suffers from database disclosure and remote SQL injection vulnerabilities.
5d7dec2aefebceae6a65631a827f8e8bZoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities.
724d1de0fd6158c59223ef6f56da9819XAMPP version 5.6.8 suffers from cross site scripting and remote SQL injection vulnerabilities.
d3b4abd8b214a98581afd33afc0e6e00Typo3 Calendar Base tx_pxkalender_pi1 version 2.0.0 suffers from database disclosure and remote SQL injection vulnerabilities.
808d418ea3800957d61bb00160dd00e9Joomla JWallPapers component version 2.0.1 suffers from cross site request forgery and remote shell upload vulnerabilities.
9aab6fcc8810d60727be6c9cea7da1d0eDirectory suffers from file disclosure and remote SQL injection vulnerabilities.
547830901be6ad48fca825663b4859f0Ask Expert Script version 3.0.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
bdf465097feefbb3eb5ca2c3ba334370Debian Linux Security Advisory 4395-1 - Several vulnerabilities have been discovered in the chromium web browser.
0061c54a4714f406f941325fe4f93029Red Hat Security Advisory 2019-0367-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.
5914e90114ef4f2c7081a8afaed30780Ubuntu Security Notice 3850-2 - USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
550bd66bfce61ba6685d7549da716d49Red Hat Security Advisory 2019-0361-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include stack overflow vulnerabilities.
523f26d20691fc01d67553236bb8e3ebHTMLy version 2.7.4 suffers from multiple cross site scripting vulnerabilities.
9c2fae1f1a3125e338c33a0c3d901126Comodo Dome Firewall version 2.7.0 suffers from multiple cross site scripting vulnerabilities.
5e7745733f4787cab9bbbc7c018c2c42
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed