There is an out-of-bounds write vulnerability in jscript.dll in the JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over the local network.
44579881567c53e64a8aab7be8ad5b9de9c62e57487408187bfa4fe7b1adbd56
SDL Web Content Manager version 8.5.0 suffers from an XML external entity injection vulnerability.
2fda5ec43bfad50bcce9b38c70c67bc1f66aa66e741a3d57bde74a938d39f699
AnyBurn version 4.3 suffers from buffer overflow and denial of service vulnerabilities.
329a83a9154f224e471a4f8a318eb233589b7bf71a625b507a8c8bce7ddd5300
Exel Password Recovery version 8.2.0.0 suffers from buffer overflow and denial of service vulnerabilities.
240883100f4e3a59a37f80a2b08d5dac6ffa6ea25b4e98c59c68659d0bb4c1c2
MegaPing suffers from buffer overflow and denial of service vulnerabilities.
3771733e71abf4ccf921f7daf633291ab543c4b422c126faf6a88047b7d4e228
Nsauditor version 3.0.28.0 local SEH buffer overflow exploit.
8152f4393c9789912076e0de5b3d1c29df24163e03c2f7836e9b77b148b57c08
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. The GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, the GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
8e056afd847dd21c7f973764dd9065fee098707e13ea5afa65b4741683234e00
Secunia Research has discovered a vulnerability in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service). An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags can be exploited to exhaust available CPU resources. The vulnerability is confirmed in version 0.6.21. Other versions may also be affected.
a3e0bd35e18db8d27c9c10475a90db33972c41764401685daf843f8770832532
Secunia Research has discovered multiple vulnerabilities in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). A type confusion error within the "unpacked_load_raw()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. An error within the "parse_rollei()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) can be exploited to exhaust available CPU resources. The vulnerabilities are confirmed in version 0.19.0 and reported in versions prior to 0.19.1.
3db5c91bb6c24888166cacb845b1ca20edac2ec4797287c3534c7c75400e4192
Red Hat Security Advisory 2018-3843-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and null pointer vulnerabilities.
24c105ddb0fdc5ca344569ee52fa527ba5e87cc14d0872695bdcd04d49254cdf
Red Hat Security Advisory 2018-3837-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
67b6c9709b4cc32ae29fa136f89639bdb330cd4a92370e48c6deb28ffbd5645d
Red Hat Security Advisory 2018-3838-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
216b698541f204cd77bbd73db491b87c343c3190e21eac68708424ddcd50df5f
Red Hat Security Advisory 2018-3835-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
2a94daecf51ca3dcddd8e0aedd95681c9f9b8f14a8ee04938db184638fb2648a
Red Hat Security Advisory 2018-3836-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
6088973fb3aff4c16c039efbc1c211150c71caee327c9cddb88887a4381c09f6
Red Hat Security Advisory 2018-3834-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.
f5f96e39e74386a862dbdf24dde2652838709fb7d29500c0d76bd6ebb2ae845e