QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.
d468f350b0e3bb3d4bd9bf10b3b49470163d611522cabc435f5fd39081341998
Red Hat Security Advisory 2018-2181-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a bypass vulnerability.
52028cf1f6db5944f1b973c2d1be9658dbc142764c48fc8560d6d3b5e94951da
Red Hat Security Advisory 2018-2180-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a bypass vulnerability.
2f2fc656a581e7a0b0a806028dac8470629fd42649f68fd5af9f7580518b6aeb
Red Hat Security Advisory 2018-2179-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a replay attack.
dcc4b3046d8cff4c77cd181b7bb36d7967e583f5ca3b5fab4427296c02f4669b
Red Hat Security Advisory 2018-2177-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a replay attack.
f66ca56100c49f8187579e719075112a6d84ba932d8fee2c646889b4646415fe
Ubuntu Security Notice 3713-1 - It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
696d3fdbcef1b01d52dff2f4565355074090de06c6cc24cb37ef6444f2ca5109
Red Hat Security Advisory 2018-2175-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.134. Issues addressed include code execution and information leakage vulnerabilities.
7e822f19628fcf55de77c9289e9debc357295bd640fcd81c9cff8956a2130b22
Ubuntu Security Notice 3712-2 - USN-3712-1 fixed a vulnerability in libpng. This update provides the corresponding update for Ubuntu 12.04 ESM. Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
150dd69707b25b37b367c9d9b2ee47ad70d22c63637146c4e616f1234c6b6eb3
Red Hat Security Advisory 2018-2171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
de0f56c6c7b249012a387ea4fcf7ab085c6f818aa0791e0e2cb6f63d42a0a112
Red Hat Security Advisory 2018-2172-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and denial of service vulnerabilities.
120618865f27d7b90f6c963f7b6c5b96f23495fb6c517ea21fe91d7d65b37acb
Ubuntu Security Notice 3712-1 - Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Thuan Pham discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. Various other issues were also addressed.
1572d5cb56753915b7a92ced20be9c8bc8ddb3cb195cffb7589ec0bd3721f7be
Debian Linux Security Advisory 4243-1 - Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System.
aca1858973f34db6367f75c04838d3899ca1dfc9eb689872c60d225aabc1afd1
Ubuntu Security Notice 3711-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
43499196ea3a89189959663742163f66dab74023ab72de3a6654c126bbeef0fe
Ubuntu Security Notice 3710-1 - Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.
80a2b90af8e17bbed5256e4745e44fc313b6f24d80e3fba89089ca8b34392848
ASUS WRT-AC66U version 3.x suffers from a cross site scripting vulnerability.
25f38421dce8448e1973b878362b6084ab7cef4bc97261b008c67a51d03ebb73
AT&T Bizcircle suffered from a persistent cross site scripting vulnerability.
67231592a84f928b34d59cd3017e9fc590b60931772a091e74e87da4fcc51f44
Intel System CU versions 14.0 and 14.1 suffer from a buffer overflow vulnerability.
b08a71520ac93d53b65797c8f313d51e383ee856103ba5c0015950cea6f27843
Secutech DSL WR RIS 330 suffers from bypass and cross site scripting vulnerabilities.
604b5febb245493ac9cec131d55afb3daf720560081f73acda841f8fbd023cd7
WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffers from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.
4ddfd7e4aeded2b9a09503c3772f049b2865f8a9549663d294404fbb6dff2c0a
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix bugs and security issues.
0d2cbd27f7b56b47c03db4cb6dddb5af5a4867844c88c7b8aaf3cbd41e1518d1
In this article, the authors present an example of exploiting a trust relationship between two technical devices that can put the confidentiality of sensitive data or the integrity of a computer system at risk. The trust relationship they exploit exists between two Bluetooth devices: on one side, a computer system you want to keep secure and uncompromised, for example your laptop or your smartphone; on the other side, a Bluetooth device you usually do not consider worth protecting with special diligence, because it is simply an output device of a specific kind and does not persistently store any of your valuable data locally, for example headphones.
b73346666342349f472c954f5a015752063415c14b1cc1ea74d10fb17608bf4a
Instagram Clone Script version 2.0 suffers from a cross site scripting vulnerability.
d4bb14032c5930eee2cbe4af21e14f3b5fbc79578874f4495a10ef8a06c83db8
Barracuda ADC versions 5.x suffer from a client-side script insertion vulnerability.
3ed5aa932b59a3840c5030e45858cf115c1a1549e2350b780c701c93d2a32aa0
Red Hat Security Advisory 2018-2167-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.12, 1.1.9, 2.0.9, and 2.1.2. These versions correspond to the July 2018 security release by .NET Core upstream projects.
c646ace6ae9258cf3d77fb0dc1589f7fb9e6159e4c489fcec2b891f919e17fe5
Barracuda ADC versions 5.x suffer from filter bypass and cross site scripting vulnerabilities.
a772d36d518a6c3906a380f6f5015a6140643398577eea8d157e748cc0e6a212