Gentoo Linux Security Advisory 201811-24 - A SQL injection in PostgreSQL may allow attackers to execute arbitrary SQL statements. Many versions are affected.
a087bea7df518fee4c512dab8b1b7128152a68b584f11bf25fcd2f30c6ea069dGentoo Linux Security Advisory 201811-23 - Multiple vulnerabilities have been found in libsndfile, the worst of which might allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.28-r4 are affected.
53c9e768ab556258485ffacf946632c5c77d01764fb08f0a3ef5bf547479fbe5Ubuntu Security Notice 3833-1 - Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
a245ddd2e063e75ae9b8cd656c2ba843ed10ef466025e17abe119b7bfbe3080aUbuntu Security Notice 3832-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service , expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.
b57e39d7a6b2621e28ea09c25523ef6ffe045219afabe19ad27f96586c416cd1Debian Linux Security Advisory 4347-1 - Multiple vulnerabilities were discovered in the implementation of the Perl programming language.
693b5b860a9f8cea84d3e3b377ab5b2c4b932965f11e4d4715f272144663f79bSlackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
671fbca86bbc5a91ba38e250555985ef427c47025b7d59bbb3bd26f4e94c089cRed Hat Security Advisory 2018-3738-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a name equality check.
eb0ce715cf844684ef01e1980a5cde4f3ad3c61658a96a7c429bb1f1502520dbUbuntu Security Notice 3795-3 - USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
0db1887001641d8acf759d27b5cb2ddd82af752d469ef1b920b7bdce098289b4Ubuntu Security Notice 3831-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.
f393db61267526f9bb9a3e7c882bd9b3c0c9096a7343ce75fd00bbb4b1ff4263Red Hat Security Advisory 2018-3731-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
67960d69e88fb6e819f1aed911deeb9a04df23e739ae31cebcff7618004f0b0fRed Hat Security Advisory 2018-3730-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
5974e59d03ede1e205bc6f92b04e3d4d0be271c53073850c54f2227ff9bf7374Red Hat Security Advisory 2018-3729-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
50842ce6db655529d85f25aace87d1c36085f22eb7f5436231ccd6f4207b1c4aGentoo Linux Security Advisory 201811-21 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2o are affected.
c1d2c4c1f169d7444a8ec783ed15c7533f43aef45a89c4f6cbccef76230c09e9Gentoo Linux Security Advisory 201811-22 - Multiple vulnerabilities have been found in RPM, the worst of which could allow a remote attacker to escalate privileges. Versions less than 4.14.1 are affected.
dbe5366b678db36b941163032978eb4793921ab8f835a04b9d9232bde15f35a3Ubuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.
166b04353de713beab9d08eea9a06f119e07b1b80978dd2605262a24dc29f7b6Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
31d5f9ccd80e2ae52f634417dc51d4efec799681af5b520ee3732b3908bb345dFreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.
10bcc1748ee3a9d625fa8d7384fa8357ec3df2199059cc67ec2a7fe57ef95a19SonarSource SonarQube versions 7.3 and below suffer from an information disclosure vulnerability.
181609b1236e0b843500d4b4daa0c9bbe9a1ffa24780b31dc2fd2c271679e4c6Debian Linux Security Advisory 4345-1 - Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix.
8e8662ce6c65cf8afbe1105d2a8bdc36b597add5ac00992a1699de767fa80143Ubuntu Security Notice 3829-1 - It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Git incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
0340a7e54640e1c20b59cb7982cd154569a02864421fcde9d8908cbd8a8e24a7Ubuntu Security Notice 3827-2 - USN-3827-1 fixed a vulnerability in samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. Various other issues were also addressed.
7db0d77361d81832ac500d6926d20bd91a314d5e196908f013fdb41d3ea16986Ubuntu Security Notice 3816-3 - USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954 have been reverted. Various other issues were also addressed.
cb9b05c78f4e62578d79c6d74bb3b6230e89ffde7e11bd266932cddb628c5b23Ubuntu Security Notice 3828-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
f8544edc8b1f4d249bcc6d8a6cef14a1aaf8d60bcc4f9a4e10769d1234806261Ubuntu Security Notice 3827-1 - Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card authentication. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Various other issues were also addressed.
52eab17c24ac653301862d040a9c6d4c27fd54410da5479f5553da89f86b72d3Red Hat Security Advisory 2018-3681-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
edc156252a77c17ab32cdf45a40f9b72fed35d597c56732bf77fbcba569b8b86
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed