Gentoo Linux Security Advisory 201801-18 - Insufficient input validation in Newsbeuter may allow remote attackers to execute arbitrary shell commands. Versions less than 2.9-r3 are affected.
4866b556dae1699096f48ecd4f1ce53d0bd37e1adf012517d700256724a096d2
Gentoo Linux Security Advisory 201801-17 - Multiple vulnerabilities have been found in Poppler, the worst of which could allow the execution of arbitrary code. Versions less than 0.57.0-r1 are affected.
32c97f70373b10ad1732c8ddab720d22e3ec22762a1a20dd7ec1f0ea8014016a
Ubuntu Security Notice 3535-1 - Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
51cbdd5000d09ef343d1f6641f1fe10c0de19873986000a48eb860679a3bbd68
Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed.
b93b27e39dcc8e45fb3868d7d816bfc00ea67297dafc2734a0cec988cd371f26
SugarCRM version 3.5.1 suffers from a cross site scripting vulnerability.
80cc6f2ccc162a9ba9dd0c6d33a6aa1a814c652ef9d0b6dac17a648dbc70e6f7
Microsoft Edge Chakra suffers from an incorrect scope handling vulnerability.
4ca74358ba02f965f602b3248f2892c43dff8cda26201ab58168fbbe9c7741b4
Microsoft Edge Chakra suffers from a JavascriptGeneratorFunction::GetPropertyBuiltIns exposure of scriptFunction.
a04483e5669a880865f4508ed68f91f3b72e39a678077e3a1ca62368d0ed242e
Microsoft Edge Chakra JIT suffers from an out-of-bounds write vulnerability.
4691b0182336e7253e8361f9f37fbd027c01401a73155856b34cc4569bde91d4
Gentoo Linux Security Advisory 201801-16 - Multiple vulnerabilities have been found in rsync, the worst of which could allow remote attackers to bypass access restrictions. Versions less than 3.1.2-r2 are affected.
831d1d38637b56df23136f76f6a2bfc1533753d716c4268ea9413e0b6e062222
Belkin N600DB suffers from password disclosure, a backdoor shell, server-side request forgery, and command injection vulnerabilities.
ad4deef8559fe9859dfa5db5bd48616568ccaac8491f724ab6019aa6c952893c
Reservo Image Hosting Script version 1.5 suffers from a cross site scripting vulnerability.
6c1678cb8ccd1983da0bd98d5303f02682971f3d234b8e13a623c781136eb443
Red Hat Security Advisory 2018-0093-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. This update supersedes microcode provided by Red Hat with the CVE-2017-5715 CPU branch injection vulnerability mitigation. Further testing has uncovered problems with the microcode provided along with the "Spectre" mitigation that could lead to system instabilities. As a result, Red Hat is providing a microcode update that reverts to the last known good microcode version dated before 03 January 2018. Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates.
602978e6e5ed633c2274337e8e1c5ef32fafd8b33f9172246c683add89d5e461
Red Hat Security Advisory 2018-0094-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. This update supersedes microcode provided by Red Hat with the CVE-2017-5715 CPU branch injection vulnerability mitigation. Further testing has uncovered problems with the microcode provided along with the "Spectre" mitigation that could lead to system instabilities. As a result, Red Hat is providing a microcode update that reverts to the last known good microcode version dated before 03 January 2018. Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates.
062675b8b3906ac7390af72b4ced85c9fc05d6fee3b742e71ebf1b1c8b4fd6ce
Master IP CAM version 01 has a hardcoded root password and suffers from multiple unauthenticated access vulnerabilities.
1b7b16dc033365ff3162c79dfd711a78130a165f689c53737f95802789f1b521
Fundly version 1.0.0 suffers from a cross site scripting vulnerability.
0a01bb2c9a2d1fadf76ab85600d1d06ec2398b15378af4b137d16d293ad51c6a
Zomato Clone Script suffers from a remote file upload vulnerability.
f6204b1369e8f6a5880aeecfbf75a0badf377f4e425b88c8845232aa9a0cbe9c