Red Hat Security Advisory 2019-1268-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include wrong permissions in systemd admin-sock due to a missing SocketMode parameter.
5e33374ee511a6177cb296ad8608ed8954c6b49e422a6eebd6589ddcc28816a0
Red Hat Security Advisory 2019-1269-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
fbee5170db375b3d91941cb07f2ba27bcfb9a84cf4b53b8dcccbf4fbd8716f11
Red Hat Security Advisory 2019-1264-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include wrong permissions in systemd admin-sock due to a missing SocketMode parameter.
89709fdf9f1aab40053d83ef7567f59964bd668be75e13198034ef8daa04b3b7
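The two advisories above (2019-1264 and 2019-1268) fix the same defect in libvirt's systemd socket units: an admin socket unit with no SocketMode= directive, so systemd created the socket with its default mode 0666 and any local user could connect to the admin interface. The following is an added example, not code from libvirt or Red Hat: it reads systemd unit text, derives the mode systemd will apply, and flags any socket that group or others can reach. The unit text is a constructed sample modelled on an admin socket; the description and service names in it are illustrative.

```shell
#!/bin/sh
# Added example (not libvirt's or Red Hat's code): audit systemd .socket unit text for a
# missing SocketMode= directive. Without SocketMode, systemd creates AF_UNIX sockets with
# mode 0666, so an admin socket meant for root becomes world-connectable.

# Constructed sample unit: the weak form, with no SocketMode= line.
WEAK_UNIT='[Unit]
Description=Virtual machine log manager admin socket (constructed sample)

[Socket]
ListenStream=/run/libvirt/virtlogd-admin-sock
Service=virtlogd.service

[Install]
WantedBy=sockets.target'

# The same sample with the fix applied: only the owner may connect.
FIXED_UNIT='[Unit]
Description=Virtual machine log manager admin socket (constructed sample)

[Socket]
ListenStream=/run/libvirt/virtlogd-admin-sock
Service=virtlogd.service
SocketMode=0600

[Install]
WantedBy=sockets.target'

# effective_socket_mode UNIT_TEXT
# Prints the mode systemd will apply: the last SocketMode= directive in the unit,
# or 0666 (systemd's default for AF_UNIX sockets) when the directive is absent.
effective_socket_mode() {
  mode=$(printf '%s\n' "$1" | sed -n 's/^SocketMode=\([0-7][0-7]*\)[[:space:]]*$/\1/p' | tail -n 1)
  [ -n "$mode" ] || mode=0666
  # Normalise to four octal digits so 600 and 0600 compare equal.
  while [ ${#mode} -lt 4 ]; do mode="0$mode"; done
  printf '%s\n' "$mode"
}

# socket_world_accessible UNIT_TEXT
# Succeeds (exit 0) when group or others hold any permission bit on the socket.
socket_world_accessible() {
  m=$(effective_socket_mode "$1")
  grp=$(printf '%s' "$m" | cut -c3)
  oth=$(printf '%s' "$m" | cut -c4)
  [ "$grp" != 0 ] || [ "$oth" != 0 ]
}

# audit_unit NAME UNIT_TEXT
# Prints a one-line verdict; exits non-zero for a world-accessible socket so it can gate a build.
audit_unit() {
  m=$(effective_socket_mode "$2")
  if socket_world_accessible "$2"; then
    printf '%s: SocketMode %s, FAIL (group/other may connect)\n' "$1" "$m"
    return 1
  fi
  printf '%s: SocketMode %s, ok\n' "$1" "$m"
}

audit_unit weak "$WEAK_UNIT" || :
audit_unit fixed "$FIXED_UNIT" || :
```

On a live host the same check is `systemctl cat virtlogd-admin.socket virtlockd-admin.socket` to confirm the SocketMode=0600 line is present, and `stat -c '%a %U:%G %n' /run/libvirt/*-admin-sock` to confirm the socket files on disk actually carry 600; a unit file that is fixed but not reloaded still leaves the old 0666 socket in place until the socket unit is restarted.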
Red Hat Security Advisory 2019-1267-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
c6e7155e7416cfb68cc04e1c989838cfbc3d5433f74b1b0317dbf609a6f20135
Red Hat Security Advisory 2019-1265-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
a0c42636e0c91502637faa4f359fdb2c32abbdeeebfb99420b97ed8275037807
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
7e1ec5664a0dba4493d8729f9922378bdd05040fb159c2b03b42111efda2e53b
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of two parts: client and server. The GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, the GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
89ae266ede4d0d36eda8e3f278eb029a4a4d618c6c9e76a854d25e2d23cd3ae2
Quest KACE Systems Management Appliance versions 9.0 and below suffer from a cross site scripting vulnerability.
65f3a081afe40db41f6639b1bc6e910e5e069fe0b2e9e5ad97c5da01c2da144f
Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote, authenticated attacker with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations, which can lead to remote code execution on systems that run a vulnerable version of Bitbucket Data Center. Bitbucket Server versions without a Data Center license are not vulnerable to this vulnerability. Versions of Bitbucket Server starting with 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (the fixed version for 5.14.x), from 5.15.0 before 5.15.3 (the fixed version for 5.15.x), from 6.0.0 before 6.0.3 (the fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) are affected by this vulnerability.
eb7fab9f199284bc9dc00a27ebbd15225692c071a07f834c3e67ddca2bd8df05
Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
c7b7d3aa5f310b98feb164aa85e9a57822005f12b22d8493cbbe0a4062035529
Debian Linux Security Advisory 4449-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
f288e09d2c0dcc0ea84e6812f141e1b65ed1bfe3dfccee0d7f7a76c267e67de0
Ubuntu Security Notice 3977-2 - USN-3977-1 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
b95bf43c6402dc66b19fd844854fcacfcf6aa487e5936270e78fa5298c536caa
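Whether the updated microcode from the notice above has actually taken effect is reported by the kernel in /sys/devices/system/cpu/vulnerabilities/mds, using the status strings documented in the kernel's MDS admin guide. The following is an added example, not Ubuntu's or the kernel's code: it classifies that status string and states the remaining exposure, distinguishing the "no microcode" case this notice fixes from the case where microcode is present but SMT still leaves a sibling hyperthread as a leak path. The sysfs files it reads here are constructed samples written to a temp directory so the script runs offline.

```shell
#!/bin/sh
# Added example (not Ubuntu's or the kernel's code): classify the kernel's MDS status line.
# The status strings matched below are those documented for
# /sys/devices/system/cpu/vulnerabilities/mds in the kernel admin guide.

# mds_status PATH
# Prints one of: not-affected | mitigated | mitigated-smt-vulnerable |
# mitigated-smt-unknown | vulnerable-no-microcode | vulnerable | unknown
mds_status() {
  [ -r "$1" ] || { echo unknown; return 0; }
  s=$(cat "$1")
  case "$s" in
    "Not affected")                                          echo not-affected ;;
    "Mitigation: Clear CPU buffers; SMT disabled")           echo mitigated ;;
    "Mitigation: Clear CPU buffers; SMT mitigated")          echo mitigated ;;
    "Mitigation: Clear CPU buffers; SMT vulnerable")         echo mitigated-smt-vulnerable ;;
    "Mitigation: Clear CPU buffers; SMT Host state unknown") echo mitigated-smt-unknown ;;
    "Vulnerable: Clear CPU buffers attempted, no microcode") echo vulnerable-no-microcode ;;
    Vulnerable*)                                             echo vulnerable ;;
    *)                                                       echo unknown ;;
  esac
}

# mds_advice STATUS
# Prints the action that follows from each classification.
mds_advice() {
  case "$1" in
    not-affected)             echo "no action" ;;
    mitigated)                echo "fill buffers cleared and SMT handled; nothing further" ;;
    mitigated-smt-vulnerable) echo "kernel clears buffers, but a sibling hyperthread can still sample; disable SMT (nosmt) if untrusted code shares the core" ;;
    mitigated-smt-unknown)    echo "guest kernel cannot see host SMT state; verify on the hypervisor" ;;
    vulnerable-no-microcode)  echo "install the updated intel-microcode package and reboot; the kernel mitigation needs the new microcode" ;;
    vulnerable)               echo "no mitigation active; update kernel and microcode" ;;
    *)                        echo "status file missing or unrecognised; check kernel version" ;;
  esac
}

# report PATH: one line combining status and advice.
report() {
  st=$(mds_status "$1")
  printf '%s: %s (%s)\n' "$1" "$st" "$(mds_advice "$st")"
}

# Constructed sample status files standing in for the real sysfs entry.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf 'Vulnerable: Clear CPU buffers attempted, no microcode\n' > "$SAMPLES/old_microcode"
printf 'Mitigation: Clear CPU buffers; SMT vulnerable\n'        > "$SAMPLES/patched_smt_on"
printf 'Mitigation: Clear CPU buffers; SMT disabled\n'          > "$SAMPLES/patched_nosmt"
printf 'Not affected\n'                                         > "$SAMPLES/unaffected"

for f in old_microcode patched_smt_on patched_nosmt unaffected; do
  report "$SAMPLES/$f"
done
```

On a real host run `report /sys/devices/system/cpu/vulnerabilities/mds` after rebooting into the new microcode; a status that still reads "no microcode" means the intel-microcode package installed but the CPU is not in the set the package covers, or early loading did not happen.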
Proof of concept exploit for a remote denial of service vulnerability in extension/feed/google_base in OpenCart versions 3.0.3.2 and below.
95196c99a218a7f9fac52a75974542b8918ccfc5260c75f3fc68347f513ce7a7
Security issues have been found in the Anviz M3 RFID Access Control device when working in standalone mode connected to a TCP/IP network that could lead to access control bypass and private information leakage and alteration.
c1ad183da60120552ef4da27582e26b8013025e79bc583b88967bdff43a3cbeb
Nagios XI version 5.6.1 suffers from a remote SQL injection vulnerability.
0418d537082bf935ad351ffdfcfdf6c33a613a01b22067a727425bd053ea4db5
Proof of concept exploit for an elevation of privilege vulnerability that exists in Windows when the Win32k component fails to properly handle objects in memory.
af82cc1fd927d501487e9bfd4d47ae1c8b398596eef61abe6f6b5625872c0564
Interspire Email Marketer version 6.20 suffers from a remote code execution vulnerability in surveys_submit.php.
45d131e6a2425bb502f4a5d754152dd1a73aa4d4cac8f190794723acfe99d49e
Internet Explorer 11 exploit that allows attackers to execute JavaScript with higher system access than is normally permitted by the browser sandbox.
7201c91d0285dfceb33caf8cf4b721c934c72d5d2f45225ca7e38a1614207c23
Angry Polar Bear 2 is a Microsoft Windows error reporting privilege escalation exploit.
5acdfb34c398811a4f8c1dd9e52decb18e0d1a86ec622eba5000824ef62936ba
Denial of service proof of concept exploits for the Share Name and Add Block fields in NetAware version 1.20.
6c84040b138495f6660c8edd2b942bb104ca3c330de37c714b526db29500e0ec
WordPress Tigin theme version 1.0.5 suffers from an open redirection vulnerability.
3d29202ebf60fe8aa79edaa07fe92001705f95e55dafc55df22bc1415c965cd5
WordPress Xunjin theme version 4.6 suffers from an open redirection vulnerability.
472807dea6c8ebff739626aa3cc82c7f3add8f45ed3f45d39207b3c1d5f71446
WordPress Divi-Child theme version 1.0 suffers from an open redirection vulnerability.
ec7bd7aa0d6d7f4a1c9302e75470149f20bcec4e76defb4f83f0f02d3cdd99d6
WordPress Howsci theme version 1.8 suffers from an open redirection vulnerability.
cf395eba98f23ba17578ab45705702c87ce371522a242fc28e713d1e6ca6e19a
WordPress Antena_Ri Institute theme version 2.0 suffers from an open redirection vulnerability.
70dde7194325351f1f0fb8c5ac6011731d1a3c8f0edcc2a8ae9bb9d2028a3d7b