Debian Linux Security Advisory 4255-1 - Danny Grander reported that the unzip and untar tasks in ant, a Java based build tool like make, allow the extraction of files outside a target directory. An attacker can take advantage of this flaw by submitting a specially crafted Zip or Tar archive to an ant build to overwrite any file writable by the user running ant.
8712be2e985d62f6d793b6f112814849d622e01949bc463e0dd6bc737ba4fcf8Debian Linux Security Advisory 4254-1 - Several vulnerabilities were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system.
36df183c5be2e5e744c588420db03e8dae0a737d61dc730040cf6311a28e0b24Ubuntu Security Notice 3722-1 - It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service.
87bcf5d5b273a823a8b15af73ba76a85add54d3a2085fcca99994a47af5d727eUbuntu Security Notice 3721-1 - Danny Grander discovered that Apache Ant incorrectly handled certain compressed files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to overwrite arbitrary files.
e66a0dc864705a951ca9cd6e15af89c3437c46679a3edaec62b3cb2df88e449bUbuntu Security Notice 3723-1 - It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. It was discovered that the Tomcat WebSocket client incorrectly performed hostname verification. A remote attacker could possibly use this issue to intercept sensitive information.
52e53d41f2a7c0af572967d3eeaedbc9d8162599b381b71c92a81dfae9b7b9a5Ubuntu Security Notice 3722-2 - USN-3722-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
b0ea137c2da882ba7aa7df4f1494a39fc16ab3f6a19c52351e2de906cc087f0fRed Hat Security Advisory 2018-2256-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181. Issues addressed include an insufficient validation vulnerability.
e7a15a262e6f38ab2b37acb8be1d5941abb1bf6e2a3e2b1e6b45bb4e37eaf46310-Strike LANState version 8.8 suffers from a buffer overflow vulnerability.
1a94fc8d236b99a85a8ea57a92f5adac5f8c7a4e7ee1d4e9b99a4d05c5624c44Red Hat Security Advisory 2018-2250-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
93293a8b212b4ccf6df35397eb05a9fe26a965ccfae8d57e00725ccdab072adbInteno's IOPSYS suffers from an authenticated local privilege escalation vulnerability.
b9177eea9da8a509b704df3b4cf75bdc9608620f7338ca46161c5e96519ca5c8Red Hat Security Advisory 2018-2254-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 191. Issues addressed include an insufficient validation vulnerability.
5430b5eaac57be44a3bfd7e0b388429e3298c92f8f683c003f73135b13bb86c210-Strike Bandwidth Monitor version 3.7 suffers from a buffer overflow vulnerability.
66cbf6fa78b1c97a89a2ea347b1112bb3a6ace9d52e3135211837ebfd0253c18Red Hat Security Advisory 2018-2253-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181. Issues addressed include an insufficient validation vulnerability.
eb6f174756d76dde08ac873a0c25d4f9a60ce1f37a653a0ae8b45ee689713593GetGo Download Manager version 6.2.1.3200 suffers from a denial of service vulnerability.
dadd62ff553ba505e333318d28fb95b64b032054db817b0e3fb93283402a0f5eNagios Core versions 4.4.1 and below suffer from a denial of service vulnerability.
4d70d62dded42d80c518ddd82d7e7ad7e0ddb2610445adf2d86613bbac875298
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed