Debian Linux Security Advisory 4899-2 - The Dynamic Code Evolution Virtual Machine (DCE VM), an alternative VM for OpenJDK 11 with enhanced class redefinition, has been updated for compatibility with OpenJDK 11.0.11.
f70ba620a0f91af5f16feb81d31fee9120de509e3d414a516cbeb63fb061c53c
Debian Linux Security Advisory 4909-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
cc2264904e48cc7cf43a7849bdc0b950295b34a952297af0c847735cf51a4c53
Debian Linux Security Advisory 4910-1 - A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.
3419aba9a6fab049b77f3b1d22f66ca6cb8054769858407b273adc18f878b239
Debian Linux Security Advisory 4911-1 - Several vulnerabilities have been discovered in the chromium web browser.
9deddc747716a9eff5ebd513469e72f12768fb8e205c29e0ae517708389745cb
Debian Linux Security Advisory 4912-1 - The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution.
986ef7b5faca7b5ab9eda7cfc9036602582d7c35963a2717cb60fd735a20e638
Debian Linux Security Advisory 4913-1 - Jemery Galindo discovered an out-of-bounds memory access in Hivex, a library to parse Windows Registry hive files.
d5975d6183305aa7875bda6e752956e293def2561c07d0ff9a6e81105723d04c
Debian Linux Security Advisory 4914-1 - A buffer overflow was discovered in Graphviz, which could potentially result in the execution of arbitrary code when processing a malformed file.
5e62c3aecd9f57c1900b6a2895922bf1fbc5c8e2c7146e715c7a80bbfdd3ed22
Debian Linux Security Advisory 4915-1 - Multiple security issues have been discovered in the PostgreSQL database system, which could result in the execution of arbitrary code or disclosure of memory content.
749e89fc19223613bc0b6d01019d6a1ee0542a88c8aab17b2b1997127d5c70d6
Debian Linux Security Advisory 4916-1 - Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure.
cb46dc40512c3421c85d51fd617a841d7e020b87c87e4b6e511a33c6a0457dda
Debian Linux Security Advisory 4916-2 - The update for prosody released as DSA 4916-1 introduced a regression in websocket support. Updated prosody packages are now available to correct this issue.
dc006cd45dc6b2832b43551e25922ce746feecf07bca993f55194aa3fa68da82
Debian Linux Security Advisory 4917-1 - Several vulnerabilities have been discovered in the chromium web browser.
f6da704e89650adf1400be4cf1e03dfd6ea356481e8c080e1b7405b82d00e77e
Debian Linux Security Advisory 4918-1 - Improper pathname handling in ruby-rack-cors, a middleware that makes Rack-based apps CORS compatible, may result in access to private resources.
aad43033fd2d923343981ed3f9f6cf6e629a5e445a969a1991a2feeb576f243c
Debian Linux Security Advisory 4919-1 - Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a fast LZ compression algorithm library, resulting in memory corruption.
41bb61b640cc01e826c9c253f58731d34427a40e6f793f86f7d008054e749c91
Debian Linux Security Advisory 4920-1 - Roman Fiedler reported that missing length validation in various functions provided by libx11, the X11 client-side library, allow to inject X11 protocol commands on X clients, leading to authentication bypass, denial of service or potentially the execution of arbitrary code.
4394a56178b38b24b98deb1792eadb7d5bae57faddf795c0673c26d8cf9b1b4f
Debian Linux Security Advisory 4921-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code.
09f330ad84d8d271d1fb4c1e34cc1a82845cc410ad88e9e1ad526b84cb5e3cec
Debian Linux Security Advisory 4922-1 - Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. that during the import of a private Mailman 2 archive the archive was publicly accessible until the import completed.
285e96294fff62bc4ef42f9493107e61acf632573049b66584b40c1760babad2
Debian Linux Security Advisory 4923-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
107386cc474594875c7686aa1fdf20fd6c91795fe2bf2fa5c4f38b265efe74ea
Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
aaabb057afb92bb25d1dc9037d5a6c0fb333f4768b0c90b7a44651f47b7bcfa7
Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
fb3bf69481578dad07624872eec1f5d1da61660965e5ddb444e9193956929ed2
PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.
0c1ea73a71c985e2370b23c0a29caa04d041fd12d0eccc6de21797149b8536e6
Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
fa9566f11a9fe7fedfd3308556728e7989e3d35072dac1fff279c3e363c3e755
This paper is focused on the various ways in which threat hunting can be performed. It is based on the author's research of semi-automating the entire process by creating a tool based on machine learning and applying analytics.
6af7c1449c75828f7976e682efcd001d246afb3c611194a09d283daac934ebe6
QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.
dddda20f7202ce5358af06526c5259d1f75a28b841ba2fcc6fd3fd23682bb880
WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross site scripting vulnerability.
20b27b98b2e22747764f7a39e413c4251aa23f2a701c00e2bc61df557d7309b3
Selenium version 3.141.59 remote code execution exploit.
31a04d36d587ab0a205023d11f001f9667bf27577d83ddca22b7e833833f61a8