Ubuntu Security Notice 3949-1 - It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has transitioned from OpenJDK 10 to OpenJDK 11. Several additional packages were updated to be compatible with OpenJDK 11.
2367ef3bff28dccb5fce02b2508e0d68e085e7266a6385c6f07453e73ba65e67
Ubuntu Security Notice 3948-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
86e192d0f551cd83fe5734820e330afcab832fe7665ccf0c2aac1f465e9f215e
Red Hat Security Advisory 2019-0766-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include a bypass vulnerability.
012f4ad04dfc61c3c09c658d481c74c8f64bfaf993d2963c62ffa6799022add7
On Microsoft Windows, the LUAFV driver has a race condition in the LuafvPostReadWrite callback: if delay virtualization has occurred during a read, the SECTION_OBJECT_POINTERS value is reset to the underlying file, resulting in elevation of privilege.
1e8cd54d3c2d772976524e371c95b1d714210d40f0a02d7fb49facede63a5c9e
On Microsoft Windows, the LUAFV driver can confuse the cache and memory manager to replace the contents of a privileged file, leading to elevation of privilege.
2f0783d66d46e920f1e358cb270db27803dfe9308027b531f607dbab38974980
On Microsoft Windows, the NtSetCachedSigningLevel system call can be tricked by the operation of LUAFV to apply a cached signature to an arbitrary file leading to a bypass of code signing enforcement under UMCI with Device Guard.
5e11646fa10b0479415382c2a97eb9d01f2462f9f48431fe8f465de293d45f36
On Microsoft Windows, the LUAFV driver bypasses security checks to copy short names during file virtualization, which can be tricked into writing an arbitrary short name, leading to elevation of privilege.
72c0e2e26c794f1e484bea3169422e90d36accc9e727f3f347fdeb0418dabcbc
On Microsoft Windows, the LUAFV driver doesn't take into account a virtualized handle being duplicated to a more privileged process resulting in elevation of privilege.
aa83f4bf9c9d7ac15d9c50d8e2eb520ebe906895d7841085259cbda854780e60
On Microsoft Windows, the LUAFV driver reuses the file's create request DesiredAccess parameter, which can include MAXIMUM_ACCESS, when virtualizing a file resulting in elevation of privilege.
c6698b041f1966005a9d6cd5b1e2888b8cb194d1fd4f68b6863494c7a26ab4e6
On Microsoft Windows, the SxS manifest cache in CSRSS uses a weak key allowing an attacker to fill a cache entry for a system binary leading to elevation of privilege.
ad66ed46b7b1347ea52c8af3e54cce2e72fd812fa5124a8d4ad94efa3452229c
MailCarrier version 2.51 POP3 RETR command remote SEH buffer overflow exploit.
369b8595dde8c9b12c3bf187b78d4d2a5d97de8c059235337dc95c461bb91375
Red Hat Security Advisory 2019-0765-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high-level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
e2204bba42bf856629e8e3a8e3683ece88f4b58d35fb8ff0c14a30b1b41e5f58
Gentoo Linux Security Advisory 201904-15 - A vulnerability in libTIFF could lead to a Denial of Service condition. Versions less than 4.0.10 are affected.
097c14af7c9924c19b9c7c25395c1047732dbeb1eabbaae2598c929474e8da87
Ubuntu Security Notice 3947-2 - USN-3947-1 fixed a vulnerability in Libxslt. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Libxslt incorrectly handled certain documents. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
3e720ed3cabc26c15c50961a47bd9d2e89fe9c6ce7ad4a5073ad1db9778357dc
Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities.
53b8b3b18868765214204a82f2af5d3caa0c20dbe06f39856c11642e46e530b9
Zoho ManageEngine ADManager Plus version 6.6 builds prior to 6659 suffer from a privilege escalation vulnerability.
7b90482fd6c4094ace9ce2306bb91955009fe7f37cb609a6f24b88500d25b784
ZyWall 310, ZyWall 110, USG1900, ATP500, and USG40 devices suffer from a cross-site scripting vulnerability.
81540b3aa097eb20c487c7beb07f37000e14749f428121afdc08a3ecc9515357
PCHelpWare 2 version 1.0.0.5 Group denial of service exploit.
b795b210e0d597f6d8ad0edbd230247a547a2113cb3d4b3b9c5641fa5580e324
AdminExpress version 1.2.5 suffers from a Folder Path denial of service vulnerability.
ca0d46946a6d528d2730acea7ac98647e979cdbed1bcce4a80fc135d90e8e99b