Debian Linux Security Advisory 4289-1 - Several vulnerabilities have been discovered in the chromium web browser.
432b3a7c247732970055d96ca8d676d1Debian Linux Security Advisory 4288-1 - Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled).
10e2c7e46f6ca39a6c5ea6ea84540da4KONE KGC versions 4.6.4 and below suffer from unauthenticated remote code execution, denial of service, local file inclusion, and missing FTP access control vulnerabilities.
1ea70d967952d609d0b2793be81f9417VMware Security Advisory 2018-0023 - AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities.
d9129080eb942fb3be69ed15e131da6bsqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
001dd095cf0009c79d3e957e256abc10Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.
bfca5d508c2cc0dae73d25b180e60694Red Hat Security Advisory 2018-2561-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include code execution and traversal vulnerabilities.
b9be0002e51a4672521b2f07d2e5bf6fRed Hat Security Advisory 2018-2643-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include denial of service and traversal vulnerabilities.
0af466be7b8ece10badd17353a6cd6d5Red Hat Security Advisory 2018-2607-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, deserialization, local file inclusion, and remote file inclusion vulnerabilities.
8d6bb6d7cca228e5f559c645afc38ceaRed Hat Security Advisory 2018-2608-01 - GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Issues addressed include buffer overflow, denial of service, and deserialization vulnerabilities.
66b716a851143f3719724f28dc3fdadaDebian Linux Security Advisory 4282-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, cache poisoning or information disclosure.
9d6a9c8fd94e07d03970ae36dfdb1c0cCA Technologies Support is alerting customers to multiple potential risks with CA PPM (formerly CA Clarity PPM). Multiple vulnerabilities exist that can allow an attacker to conduct a variety of attacks. The first vulnerability has a medium risk rating and concerns an SSL password being stored in plain text, which can allow an attacker to access sensitive information. The second vulnerability has a high risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to access sensitive information. The third vulnerability has a high risk rating and concerns two parameters that fail to properly sanitize input, which can allow a remote attacker to execute SQL injection attacks. The fourth vulnerability has a high risk rating and concerns improper input validation by the gridExcelExport functionality, which can allow a remote attacker to execute reflected cross-site scripting attacks. The fifth vulnerability has a medium risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to conduct server side request forgery attacks.
1994691a99dbf07449b0f2c84758dbcaCA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability, has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.
6e99f3fdbc87760f71a42c271a8fbbfbHP Security Bulletin MFSBGN03818 1 - A potential vulnerability has been identified in Micro FocusContainer Deployment Foundation (CDF) available as part of Micro Focus Operations Bridge containerized suite. The vulnerabilities could be exploited to Remote Code Execution. Revision 1 of this advisory.
ad7932e8ee455e160f20632b64de8b71HP Security Bulletin MFSBGN03815 1 - A potential vulnerabilities has been identified in Micro Focus Autopass License Server (APLS) and Container Deployment Foundation (CDF) available as part of Micro Focus Data Center Automation Containerized (DCA) suite. The vulnerabilities could be exploited to remote code execution. Revision 1 of this advisory.
f34319e77175fc711033cd4b69e9c77bHP Security Bulletin MFSBGN03814 1 - A potential vulnerabilities has been identified in Micro Focus Autopass License Server (APLS) and Container Deployment Foundation (CDF) available as part of Micro Focus Service Management Automation (SMA) containerized suites. The vulnerabilities could be exploited to Remote Code Execution. Revision 1 of this advisory.
8509dd0281c75c81c9dc11afd957346dHP Security Bulletin MFSBGN03817 1 - A potential vulnerability has been identified in Micro Focus Autopass License Server (APLS) available as part of Micro Focus Operations Bridge containerized suite. The vulnerabilities could be exploited to Remote Code Execution. Revision 1 of this advisory.
4191c53cd951928dfe6f0d1598a40876HP Security Bulletin MFSBGN03813 1 - A potential vulnerabilities has been identified in Micro Focus Autopass License Server (APLS) and Container Deployment Foundation (CDF) available as part of Micro Focus Network Operations Management (NOM) Suite CDF. The vulnerabilities could be exploited to Remote Code Execution. Revision 1 of this advisory.
c7849e736e6f976e74d340c006204e82Ubuntu Security Notice 3758-2 - USN-3758-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM. Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information Various other issues were also addressed.
b14e615638a1467f6f7b8dc4eb9cbeb3Red Hat Security Advisory 2018-2602-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory vulnerabilities.
63470689b69ed53eeda0b6f2c3c15438Red Hat Security Advisory 2018-2603-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory vulnerabilities.
3cdec497fa605c547651f469691a0e91Red Hat Security Advisory 2018-2585-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include code execution and information leakage vulnerabilities.
38877723c006274973145d6e4810d71fArgus Surveillance DVR version 4.0.0.0 suffers from file disclosure and traversal vulnerabilities.
236a5ef23b5453a2a50a23ab72a165afRSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exhaustion, integer overflow, improper clearing of heap memory, covert timing channel, and buffer over-read vulnerabilities.
7f36cb3747b5ff6824d98003f1658462Red Hat Security Advisory 2018-2576-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.
cfff90d44585315edf69552de27be42c
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed