OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d
Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues have also been addressed.
0b4cb189d586aa4429e71fb9b98e664320f3da97740056519640d0e0b2c10d5f
Debian Linux Security Advisory 4290-1 - Several vulnerabilities were discovered in libextractor, a library to extract arbitrary meta-data from files, which may lead to denial of service or the execution of arbitrary code if a specially crafted file is opened.
22f2b4197f107ee0924e3d5f0ca28d3ef60181f207deefbe95c481d80c8c2480
Red Hat Security Advisory 2018-2669-01 - Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, path sanitization, and traversal vulnerabilities.
7b3635d1483cb247ae4e0a03ee8632f66f34f0c49a1302091a6f17cc60f5582a
Ubuntu Security Notice 3763-1 - Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service.
af757be9a3cb9a2115bc8f7d6b07accaaaeb4cad1048d30ea6367f5f8e5b41a8
Ubuntu Security Notice 3762-2 - USN-3762-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information. Various other issues were also addressed.
6e79c399550da9e5f2d65235c96cd25197d47c0c2c5fc42a6e85ba9fbffca2ba
Ubuntu Security Notice 3762-1 - It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information. Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
e9c161e0f73509d01d47ed89b3f97e88172195fd7fd7ba9faed0403af86c007e
Tor Browser version 7.x suffers from a NoScript bypass vulnerability.
c7cbc690e6ce441b67740959e46cc076f076bba52d5261676360c965fb4bc986
SynaMan version 4.0 build 1488 suffers from an SMTP credential disclosure vulnerability.
49eeb10e413f5dc28d5286dd6254ab00d1a91a02b238bb5911ca61c5255e9cfd
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
826a4cb2c099a29c7cf91516ffffcfcb5aace7533b8853a8c8bddcfe2bfb1023
Android suffers from a privilege escalation vulnerability in zygote that can be leveraged by CVE-2018-9445.
07e2c94cf5dbc0bdc093f47b38ee2d8af3fbfc550336946724f110edbbd2295f
Red Hat Security Advisory 2018-2666-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.
715c4bf8fad5d331fd2f662402160ba5024ee90eade1e6a71edc4c46d5f3c21a
Red Hat Security Advisory 2018-2664-01 - Red Hat JBoss Enterprise Application Platform 5.2 is a platform for Java applications based on jbossas. This asynchronous patch is a security update for RichFaces and Apache CXF packages in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
79ab86859884f6b160f333016f09490207a742effd0c508ef3b11a88508c751d
Red Hat Security Advisory 2018-2663-01 - Red Hat JBoss Enterprise Application Platform 5.2 is a platform for Java applications based on jbossas. This asynchronous patch is a security update for RichFaces and Apache CXF packages in Red Hat JBoss Enterprise Application Platform 5.2. Issues addressed include a code execution vulnerability.
7f5583169a95da4dd622a3a069e255ee7ffb4856e1940e9bde03305afa2369db
Easy File Sharing Web Server version 6.9 POST msg.ghp UserID remote buffer overflow SEH exploit with DEP bypass and ROP.
5052bd3ade9eabb5408d9af16042f88ccdd5c0093460e58e70f4514aa17d56cc
This write-up holds the details for the Tor Browser information disclosure vulnerability as discussed in CVE-2017-16541. Version 7.0.8 is affected.
4ed16754b37c2476bf294cfab2a1eb58af360139efcb739037c86ca15edba311
Linux suffers from an insufficient shootdown for paging-structure caches.
32e5a4bd6f757fe452ac7e750d0af567a328b2a378460854b5ae256e468c4523