Debian Linux Security Advisory 4477-1 - Fang-Pen Lin discovered a stack-based buffer-overflow flaw in ZeroMQ, a lightweight messaging kernel library. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled, can take advantage of this flaw to cause a denial of service or the execution of arbitrary code.
Ubuntu Security Notice 4049-2 - USN-4049-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
Ubuntu Security Notice 4050-1 - It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code.
Ubuntu Security Notice 4049-1 - It was discovered that GLib created directories and files without properly restricting permissions. An attacker could possibly use this issue to access sensitive information.
Ubuntu Security Notice 4048-1 - Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root.
Red Hat Security Advisory 2019-1700-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
Sony BRAVIA Smart TVs suffer from multiple denial of service vulnerabilities.
Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
Ubuntu Security Notice 4047-1 - Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile.
Debian Linux Security Advisory 4476-1 - Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitization of clickable links or missing redirects of HTTP requests to HTTPS.
Red Hat Security Advisory 2019-1699-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-1696-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.2 ESR. Issues addressed include type confusion and sandbox escape vulnerabilities.
WordPress Like Button plugin version 1.6.0 suffers from an authentication bypass vulnerability.
Apache with mod_ssl versions prior to 2.8.7 OpenSSL remote buffer overflow exploit. This is an updated version of the OpenFuckV2.c exploit from 2003.
TP-Link TL-WR940N and TL-WR941ND suffer from brute force and cross-site request forgery vulnerabilities.