Ubuntu Security Notice 3788-1 - Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
cb209c1a50a7e5f25734ea9e5ac9a9313efb258486747903b4044d1baaa6c58e
Ubuntu Security Notice 3789-1 - It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
1c6edef925f7c4bedaa6506634d06038bedf60570cb29a985a455dac771fca13
Red Hat Security Advisory 2018-2913-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.1.0 serves as an update to Red Hat Decision Manager 7.0.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a Yaml unmarshalling vulnerability.
cc38b911e825f8edd37d3bbb9acc75c0dae2fe09e6e53d916347b347a89128ce
Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from an xmla filetype XML external entity injection vulnerability.
c204b8390aa9f3b452e1248505da6264f3d2333ca13b0895970c7c2e82d93bf3
E-Registrasi Pencak Silat version 18.10 suffers from a remote SQL injection vulnerability.
bef349fa34f9a22a8482cb78d468d517aa0efab52d7c8da1ce1b12979ce357bb
Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a xel filetype XML external entity injection vulnerability.
93aab3236ff7d54aeab41cf83d03f402cc82c23cf19f453cdd7db1821b733da2
Red Hat Security Advisory 2018-2909-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.1.0 serves as an update to Red Hat Process Automation Manager 7.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include Yaml unmarshalling that is vulnerable to remote code execution.
02c092985bfa4e2ad27e8aa3eac59ea24be99ae42083543407bef6cbb6b4374e
Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a REGSRVR filehandling XML external entity injection vulnerability.
056dfb5ca8dca223e9be7f8bbb151f47aefc000fd84aac30d7381391c2ca68f2
Phoenix Contact WebVisit version 6.40.00 suffers from a password disclosure vulnerability.
0975a074fe279ee9a877517618047adfd2c8e735ec28027484c16615165b1109
WAGO 750-881 01.09.18 suffers from a cross site scripting vulnerability.
02af24fa589b9d35aca68da06c679dc17d0a4573eecd10b9805e1ab78892d885
This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This Metasploit module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead.
435c7636eca34f545c0f26cafcd6a118cbe005db8253b3a9ec76ba3a02331802
Ghostscript suffers from an executeonly bypass with errorhandler setup.
227c5b9392a6f42cf0122d15af332350cf1583e4b26a4c958b0863f5133bbb38
WhatsApp suffers from a heap corruption vulnerability in RTP processing.
e053dae6b5c926d9d1c66aa29e059009fecb9861a5a9937ccd1fa50f7ffcea53
Microsoft Edge suffers from a Chakra JIT type confusion bug.
f1c02ccc951ceda6d6a1421129878de1d9f26aadbd450419b54c25dda564411f
Microsoft Edge suffers from a Chakra JIT BailOutOnInvalidatedArrayHeadSegment check bypass vulnerability.
ec00b94941d6f0c365dbfe398115342baba4da955810b213e9dedced9dae355c
SD-WAN Harvester is a tool that was created to automatically enumerate and fingerprint SD-WAN nodes on the Internet. It uses Shodan search engine for discovering, NMAP NSE scripts for fingerprinting, and masscan to implement some specific checks.
d75ee7eb455934b4b348aa0eed32a0a295aa2c828a9ca19df95195939a6e47df
DELL EMC OneFS Storage Administration version 8.1.2.0 .zshrc file overwrite exploit that leverages FTP.
3b5b17812f3f44778999e90517867030ff0029783f64223e7500beac11d514de
gsview does not run -dSAFER, allowing for the execution of arbitrary code.
6a94b056b7d504ce2307bdccc8d5e12f15fcf4dca1e0b3b87b1b2cb5cbff9723
Ghostscript has an issue where an error object can expose system operators in the saved execution stack.
dcb624d6a7e684d9f9b8d63bc29a62e9a0cef57276d16e3a9b3f918f9d52cdba