OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99
Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.
a57c9bdaee536be75c911cbc36bfde9628b265d45ec11186e3c633aa95fb102c
The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer: one for WinGlob and one for ICU. The problem is that the ICU versions don't check whether the given object has already been initialized. This allows the same object to be initialized multiple times, which can lead to type confusion.
f97ca7991e591cef05e7ed6feb1a7ced14a0b1f33f4e0b684d0bbfae83d9c790
Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with InlineArrayPush.
4d7c1c0bd391258ccf4d2a6df0bbe9fce45d445b76d8eb5317891fd7fc1cfef5
Microsoft Edge Chakra has an issue where DictionaryPropertyDescriptor::CopyFrom does not copy all fields.
02a9af64a615a45ba93686901284c1ca585f8e53c27860a4cfcb2c7a25376b37
Microsoft Edge Chakra suffers from a parameter scope parsing bug.
a916e8ee259ed452ab0ef0b7d6f4f736a5c6609e52233de54ab3341897861228
Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl.
fa2ba833d2e86afeca1956fc5c100501e728bc7ca7779f47078461ffbd346bab
Silver Peak EdgeConnect version 8.1.4.9_65644 suffers from brute force, information leakage, cross site request forgery, cross site scripting, denial of service, default SNMP community string, and path traversal vulnerabilities.
b42452437467664a92247a8da4abc4bab26c4a029cebeb2baf14a4b90f2bc2ec
Debian Linux Security Advisory 4276-1 - Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.
5a91e4696a88ec6df60c812fd310ab5a29f0fe840e8ade3ed2ebda558fa04fe4
Debian Linux Security Advisory 4275-1 - Kristi Nikolla discovered an information leak in Keystone, the OpenStack identity service, if running in a federated setup.
2722a7a50b3df516beead367c9a8fdb85bc8fc6b0ed463e739d8468a039808d5
Debian Linux Security Advisory 4274-1 - This update provides mitigations for the "L1 Terminal Fault" vulnerability affecting a range of Intel CPUs.
090e52f65938d37c9d400bbfae4c12bff0fad68fc7f006a27c5b57d8da365fcc
Debian Linux Security Advisory 4273-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a".
3063db9bd745bdaeeb09124be4f84fda09413e2977b37ed6971840c6ddf5d2f3
Ubuntu Security Notice 3658-3 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
a32a90f48926d3e6126d1244f916e94cebf95b7a6a2e7475e80023c4dc952f14
Red Hat Security Advisory 2018-2486-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.
140c5c41e74ea3c15e65121e0032d6722516e2191125272a7af63151aff85e5d
Red Hat Security Advisory 2018-2482-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include a container breakout vulnerability.
62402d4275a02e8054f684608b6f634e241a038754a74759288805f7895f2d8e
Red Hat Security Advisory 2018-2469-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 4 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults.
58233e3f4ecd9722a599c2120cf4861835f04bbae8478ae9b987c99057992e0e
Ubuntu Security Notice 3743-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
45119b386ec1249752c118d988a4af26e77728f2aff90d9299f2cbcbc2021604
Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.
10c7a46516045ae2ad89d98e1e273b9ca69727a9da14ccba89173432684540ae
ADM versions 3.1.2RHG1 and below suffer from a remote code execution vulnerability.
9a46e6052ab21077d8fb2a00c396c5a222221fa0ed30b081f7a21a733bacdd33
Mikrotik WinBox version 6.42 suffers from a credential disclosure vulnerability.
facd664f6ae9c30c9f9f80e3755e975bbd10839dbf536c509f7c498a947844aa
CEWE Photoshow version 6.3.4 suffers from a denial of service vulnerability.
d72c8c951d63b0ee4bf8a4e7b94c8ec955f07b7ee21e7a2ddb55a20820e0eac1
WordPress Dreamsmiths Themes version 0.0.1 suffers from an arbitrary file download vulnerability.
70e7b14338cee8434121d445a5d8df4306f3cbe0660cf766d5d1db94a92d44d7