VMware Security Advisory 2018-0031 - vRealize Operations updates address a local privilege escalation vulnerability.
f41524536e72c476e12712b7fba94223e3194bcd61922bab81d01d639ea618bcRed Hat Security Advisory 2018-3852-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Issues addressed include a denial of service vulnerability.
9d4f7bc666bf94a492aff063465bfd97a5d1aa5e574805c94c9ec1e09d2be252Secunia Research has discovered a vulnerability in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service). An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags can be exploited to exhaust available CPU resources. The vulnerability is confirmed in version 0.6.21. Other versions may also be affected.
a3e0bd35e18db8d27c9c10475a90db33972c41764401685daf843f8770832532Secunia Research has discovered multiple vulnerabilities in LibRaw, which can be exploited by malicious people to cause a DoS (Denial of Service). A type confusion error within the "unpacked_load_raw()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. An error within the "parse_rollei()" function (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) can be exploited to exhaust available CPU resources. The vulnerabilities are confirmed in version 0.19.0 and reported in versions prior to 0.19.1.
3db5c91bb6c24888166cacb845b1ca20edac2ec4797287c3534c7c75400e4192Red Hat Security Advisory 2018-3843-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and null pointer vulnerabilities.
24c105ddb0fdc5ca344569ee52fa527ba5e87cc14d0872695bdcd04d49254cdfRed Hat Security Advisory 2018-3837-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
67b6c9709b4cc32ae29fa136f89639bdb330cd4a92370e48c6deb28ffbd5645dRed Hat Security Advisory 2018-3838-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
216b698541f204cd77bbd73db491b87c343c3190e21eac68708424ddcd50df5fRed Hat Security Advisory 2018-3835-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
2a94daecf51ca3dcddd8e0aedd95681c9f9b8f14a8ee04938db184638fb2648aRed Hat Security Advisory 2018-3836-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
6088973fb3aff4c16c039efbc1c211150c71caee327c9cddb88887a4381c09f6Red Hat Security Advisory 2018-3834-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Issues addressed include a bypass vulnerability.
f5f96e39e74386a862dbdf24dde2652838709fb7d29500c0d76bd6ebb2ae845eRed Hat Security Advisory 2018-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
abc39ad18277beaa29d946e69e22fe8100ab959716ff83f5434d7dad4b714ef1Red Hat Security Advisory 2018-3831-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
fa4d0fb6edb9fcaa7acb22fc4880dbda65712b5a54c4433bd1aac71bf6472536Red Hat Security Advisory 2018-3829-01 - Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS. Issues addressed include a bypass vulnerability.
8459d9467a8d4f4ae1d43a3a10fdd1149e3bf9c0c7b5aca81ae4d54af0046db2Gentoo Linux Security Advisory 201812-8 - A vulnerability in Scala could result in privilege escalation. Versions less than 2.12.4 are affected.
22d1c878cf3f86d4309101cfc5cc62eaef85f0bbe8e3dc3bdab52761ba7a7229Gentoo Linux Security Advisory 201812-7 - Multiple vulnerabilities have been found in SpamAssassin, the worst of which may lead to remote code execution. Versions prior to 3.4.2-r2 are affected.
dba3bc0701b30e7316c68239dcb0b2c5d166d8e853ad177d8d8611f3d01fb659Gentoo Linux Security Advisory 201812-6 - Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of code. Versions less than or equal to 2.1.2 are affected.
e0f321bad719c25fba4a870aa7db419a011e19fd771faa66863daab3b0fd1ce7WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities that can lead to code execution.
a7ec001ae70f4424c933c3e526ad4f1f1edfb80ffe8e45ec92f1ffebddd58f71Micro Focus Security Bulletin MFSBGN03835 1 - The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the Local and LDAP users via POST method and to arbitrary details of other user's Fortify projects via GET method. Revision 1 of this advisory.
78602ef0efd0605008f1fbce59841d535c41dd7f6c75375c80f990b66f399b5cMicro Focus Security Bulletin MFSBGN03837 1 - A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information. Revision 1 of this advisory.
69bad3da3d6d506035ef6a4b85f35bec78121f1787146f7b5587ba63b5f9d04dRed Hat Security Advisory 2018-3816-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include memory disclosure and client-side security problems.
5babb9742f0b837b18016ae6e3fd236587c37fab6420f152508b801587269e6cDebian Linux Security Advisory 4354-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.
d4abe9fb775b7447462f9534ef3304643476701c50f56da8f4238dcf00de841bRed Hat Security Advisory 2018-3822-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an use-after-free vulnerability.
2c75e8a0c4daa00265bfac5900dda74d873669e6e611b64f788b2b86a15f96e7Red Hat Security Advisory 2018-3823-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an use-after-free vulnerability.
30befba6188da69a809e66cefa93e12c83bfc4f4ca6df6f16330d33155190dacSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
c879ec048793b84c4086c75f0c15ae93fcef31d64fd372f00fe433ec923a50d8Ubuntu Security Notice 3845-1 - Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
700e7cd7426950be3745ea829c1727c1dce803c11dbc707bc426e6d5df75b186
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed