Ubuntu Security Notice 4022-1 - It was discovered that gunicorn improperly handled certain input. An attacker could potentially use this issue to execute a cross-site scripting attack.
ee98b227f2df8ccd05edca88b0bb8f93741475919fc6cd7d650f8cd0043d7ae6
Red Hat Security Advisory 2019-1553-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 75.0.3770.90. Issues addressed include a use-after-free vulnerability.
735dd0ddeb6ee78dd9557081cf3b98460f13496ab14fd1ffd505fa57adba4604
Ubuntu Security Notice 4024-1 - As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally, it adjusts the evince abstraction to disallow writes on parent directories of sensitive files.
f766362aa54f3d1c0ce4a4a3f87e2c3632f7d8648b152e1d5c472afc38a04b56
Ubuntu Security Notice 4019-2 - USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Various other issues were also addressed.
0fb2555a0293e0c48829e69997d9ca6b55ae4060571a6ed37fc4806cc44c593f
Ubuntu Security Notice 4020-1 - A type confusion bug was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.
fb8b2a25173508d0607dd8e1ffe802213ef2cd244f2130f58b92a4854975a0e9
Ubuntu Security Notice 4021-1 - Daniel P. Berrangé discovered that libvirt incorrectly handled socket permissions. A local attacker could possibly use this issue to access libvirt. It was discovered that libvirt incorrectly performed certain permission checks. A remote attacker could possibly use this issue to access the guest agent and cause a denial of service. This issue only affected Ubuntu 19.04. Various other issues were also addressed.
934a653d6bbd7f060c475372db010848a881479984bb2a29d5ef50a9f397a99e
Ubuntu Security Notice 4019-1 - It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that SQLite incorrectly handled certain queries. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
00d5f61256de6e5b5ed3b5ca561a97145327b1db2ac2247d8ccb15833492608e
This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class used by the HA Health Monitor component does not check for directory traversal while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to Apache Tomcat's web apps directory and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability.
a4ea9f1287ac1dba88becbc65cca9516c214cbb28ac296ea4aab456d25255b07
This Metasploit module exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but can be abused to inject extra commands in the argument, allowing you to execute anything as root.
2c36a878b4e9bd45ad81ca8fb24a7604744f9f005ad314f116c110e64106d9a4
Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service.
180fed7fbe08b89246da448a793e20ef76b9d263407b8a46ed5a13a5f4acca3b
Ubuntu Security Notice 4018-1 - It was discovered that Samba incorrectly handled certain RPC messages. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. It was discovered that Samba incorrectly handled LDAP paged searches. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.
140091ed3156f9e07af5aea2f57bb868e9cb17b65537670d4de30e15e8ea8192
Red Hat Security Advisory 2019-1545-01 - This release of Red Hat Fuse 7.3.1 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
ab4cb414516f95e468f2713be03c38910af951da3e52c9375a4e50d3739697bf
Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
87a60175fe0e0dde7ae7865168e89fd3521aa1306210d2d9c8b32e05f763b1a9
Red Hat Security Advisory 2019-1518-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Multiple security issues have been addressed.
3826c7d75e06b5f503a5c38b6462567f49a793a59a9eb369b79ccad0d90f13e5
Red Hat Security Advisory 2019-1519-01 - The go-toolset:rhel8 module provides Go Toolset, a compiler toolset for building applications using the Go language and compiler suite. A CRLF injection vulnerability has been addressed.
baeb2ae96e275359cf87f4e1f00f189e9a9821f318e38e9e4ea466cf557bc97f
Red Hat Security Advisory 2019-1529-01 - The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System. An open redirection vulnerability, among other things, has been addressed.
4a2fffd2cbeda76ca67676d661da96c81b540f4422fc1210b58c73920e0eb664
Red Hat Security Advisory 2019-1517-01 - GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol, Secure Shell File Transfer Protocol, Web Distributed Authoring and Versioning, Common Internet File System, Server Message Block, and other protocols. GVFS integrates with the GNOME I/O abstraction layer. A file access vulnerability has been addressed.
3e0b4c8a42c248b9e729c519c690cda50d93de7cf41f316cdf81bd4f5be82172
Red Hat Security Advisory 2019-1527-01 - The Windows Azure Linux Agent supports provisioning and running Linux virtual machines in the Microsoft Windows Azure cloud. A weak permissions issue was addressed.
f82da59b6aaa050543af521d1ee21dc78e845c4c0a7df69cdd296b429bebb234
Debian Linux Security Advisory 4465-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
6462989fedaf07301b47a2563bc368b80ca7dfd5c7c7901bf9c00004dffd9a54
Red Hat Security Advisory 2019-1502-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. An input validation issue was addressed.
ac1ef86c4c35feb452f3e81ce1147e1c43d4e4a0b0476aac1b5c82d37f9a6d4b
BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from theme Cookie directory traversal and remote code execution vulnerabilities.
6ddbf2e35dcad7a8a7865c141fac337889ced5f852566982530475e1477f1862
BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from dirPath directory traversal and remote code execution vulnerabilities.
96fbb39239f6872a454f71d93276f23a8480b6faf27b47ebcec346971bcb727a