Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities.
4436fd2c5b6a885f437d69ae209cde47Gentoo Linux Security Advisory 201811-21 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2o are affected.
c1102f7b8c5b3ed0dd1aed5afd6d2486Gentoo Linux Security Advisory 201811-22 - Multiple vulnerabilities have been found in RPM, the worst of which could allow a remote attacker to escalate privileges. Versions less than 4.14.1 are affected.
b2e28734ab3686f7eae98681d8c49d65Joomla Fabrik component version 3.9 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.
cee583e8df398e9f206f9451d94be1bdUbuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.
7f51527c5d1533a10792a68047cda6daDebian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
f89266c182d9b77cb78d4b9d1bb90820Debian Linux Security Advisory 4345-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
f3606a59eb6ee66c892dcf8acffd50a7Ubuntu Security Notice 3816-3 - USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. Various other issues were also addressed.
be578aeb1bec867e87d540b182304d00Red Hat Security Advisory 2018-3676-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core 2.1.5. Issues addressed include arbitrary file read and directory creation vulnerabilities.
e981ce78e4a0afd6cf2cbabf1c48e2e0Gentoo Linux Security Advisory 201811-19 - Multiple vulnerabilities have been found in Libav, the worst of which may allow a Denial of Service condition. Versions less than 12.3 are affected.
bd854710a74492af81414b741424dc83Gentoo Linux Security Advisory 201811-17 - Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 2.30-r2 are affected.
d8e8baa92ebfb2bb81facc138d90d25eRed Hat Security Advisory 2018-3666-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, and null pointer vulnerabilities.
e2ca62529c03a74b642860ad9fede87eRed Hat Security Advisory 2018-3651-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, and null pointer vulnerabilities.
64b13d003c3622e75f9798ff85218583Gentoo Linux Security Advisory 201811-16 - Multiple vulnerabilities have been found in strongSwan, the worst of which could lead to a Denial of Service condition. Versions less than 5.7.1 are affected.
f0812b132a970063b6aa457aa950cf4fRed Hat Security Advisory 2018-3655-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. Issues addressed include a ridiculous amount of unspecified vulnerabilities.
ff4036efcb3f269858015663ddf6e8f3Gentoo Linux Security Advisory 201811-15 - Multiple vulnerabilities have been found in MuPDF, the worst of which could allow the remote execution of arbitrary code. Versions less than 1.13.0 are affected.
d99ae59c335b49929df51daf1bcd909bGentoo Linux Security Advisory 201811-14 - Multiple vulnerabilities have been found in Exiv2, the worst of which could result in a Denial of Service condition. Versions less than 0.26_p20180811-r3 are affected.
023dbb50bd8ff7c00d31aa2fd55f3b56Gentoo Linux Security Advisory 201811-11 - Multiple vulnerabilities have been found in Asterisk, the worst of which could result in a Denial of Service condition. Versions less than 13.23.1 are affected.
a2021f8e6c449d50f4e1d02b2054578aGentoo Linux Security Advisory 201811-13 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. Versions less than 60.3.0 are affected.
cb3a08958b6999e989e4f477c4399834Gentoo Linux Security Advisory 201811-12 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the execution of arbitrary code. Versions prior to 9.26 are affected.
f0a3d2703790af5e30aed7740e306f75Ubuntu Security Notice 3801-2 - USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. Various other issues were also addressed.
811a5ef0a3ce8b51d96d4535e884c045Gentoo Linux Security Advisory 201811-10 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote attackers to execute arbitrary code. Versions less than 70.0.3538.67 are affected.
00c4f95e347d6f0a2bd371ca23b08e9bOracle Secure Global Desktop Administration Console version 4.4 build 20080807152602 suffers from cross site scripting vulnerabilities.
a5443f6a608013f6471a48f2e19d1862WebKitGTK+ and WPE WebKit suffer from code execution, cross site scripting, and various other vulnerabilities.
4c0dbc848117ab6a612ba029815f2d9fMiss Marple Enterprise Edition versions prior to 2.0 suffer from arbitrary file upload, hardcoded AES key, validation bypass, and other vulnerabilities.
5fc5d23b1a1b5d01c8a5758c57afca63
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed