I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
8bb88d3db355ebfa5be65d48089db60919875ac298b7217b7f8150048ea5079e
Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.
447b1f123430d2d4378832b337fca556aa9a009f7c6863f5382f9844a50bcc42
Red Hat Security Advisory 2018-2037-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes. Issues addressed include a problem where containers run as non-root users do not drop capabilities.
a89a5d6c2109afaef7fed67506acdaeb2dca4fcde68f4b07ca16aa378fdccc16
Red Hat Security Advisory 2018-2038-01 - The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Issues addressed include an information exposure vulnerability.
193050d2859f9774b75b6e27f5e090fac7e5a7b653ab4db98c5b7f2a9c169da4
Red Hat Security Advisory 2018-2022-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
4abef6eccdfd763ea52b27371cabd8e5dee046c31525082ebdb1d3fbfc26ab49
Red Hat Security Advisory 2018-2001-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.
428cfa13864ae570397f8f64c14e7424039079840c6f9a3bd7bc3ca839c68e4c
Red Hat Security Advisory 2018-1997-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.
6162841f8e56c68ab1cd4a6e5e2c440ec5e1f1a6e1a097e3a506319255f56ba4
Red Hat Security Advisory 2018-1965-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
5625c726ca93dddc4f128e9505cbafd6e9a86b185e28f9e42a9db805ce8d6b15
Red Hat Security Advisory 2018-2003-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.
3df03071d93422612d584b49a3fca361b78a54a69d4c0611dccd3bc4ede47b6e
Red Hat Security Advisory 2018-1979-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Issues addressed include a mishandled ACL configuration.
646ec53ff9052049e7f708ecd146f3966e311e18f1a173d05e21b532e225ec05
Red Hat Security Advisory 2018-2020-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Issues addressed include a file disclosure vulnerability.
134d8a5b2ddc7d417cababde0f0cac534b88c2372bb7e3c04258d447a81ea2bc
Red Hat Security Advisory 2018-2006-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.
ca891c305b74f2203c8a71e33c2d143de883f420e647176863e7bde00ec4f911
Red Hat Security Advisory 2018-1967-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a bypass vulnerability.
1f84086fb9dc926e9c6cbd7c89e97e3af1970709e492833edac35dbf5eb38a12
This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows unauthenticated users to execute arbitrary commands as the web server user www. A valid Organization ID is required. The default value is 1. A valid Windows agent version number must also be provided. If file sharing is enabled, the agent versions are available within the \\kace.local\client\agent_provisioning\windows_platform Samba share. Additionally, various agent versions are listed on the KACE website. This Metasploit module has been tested successfully on Quest KACE Systems Management Appliance K1000 version 8.0 (Build 8.0.318).
0dbef74980c65246fdf8019f7b0a27a24a0c3431c8e7e457609a060b5a8fdf8d
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, vulnerability and malware scanning of Unix-based systems.
9119ed3c11ecd8c470369c6242cc9620d6573fc301d66455a5689c613c31563d
Ubuntu Security Notice 3692-1 - Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.
64a55400d3928d560eed60fa189b3f16e104aacf734c115775b42e7ec6f162c5
HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it.
ca4e710786607c8db2b5551765fad05ea1626ff8a4bd00aa2997feded7590990
Polaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw vulnerability.
988220d8a0264edc45ec0aa0ac0b56815a4ed2982e90beeed521161d2f094034
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
04707f60cb28318bfb4aea0286bc9cf7aec27ce846234a72d84ec3b06a64c963
Ubuntu Security Notice 3692-2 - USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
c9a4413cce1293192cef94ae1323f4ac3f80a693b84d4dd16582f330058c726d
Liferay Portal versions prior to 7.0.4 suffer from a server-side request forgery vulnerability.
9cd4a09a6913c2e09ea065cb580a2524d7a76aafcb6212597452862aa04d2d5b
PoDoFo version 0.9.5 suffers from a buffer overflow vulnerability.
d30e9bc2b87c725a0e7297e704ac0cfafb3e95d40de7cdeddb1838c6af802081
Microsoft Internet Explorer HTML Help Control version 4.74 local zone bypass exploit. Proof of concept code for an ancient vulnerability.
7901eefcb2e2143481c3b0627e4f0d79c45b046af2b80d84196dc6c15a0701af