Red Hat Security Advisory 2019-3140-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, deserialization, information leakage, and path sanitization vulnerabilities.
Ubuntu Security Notice 4158-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
CA Technologies, a Broadcom Company, is alerting customers to a potential risk with CA Performance Management. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA published solutions to address the vulnerabilities and recommends that all affected customers implement these solutions. The vulnerability occurs due to default credentials and a configuration weakness. A malicious actor may use the default credentials and exploit a weakness in the configuration to execute arbitrary commands on the Performance Center server. CA Performance Management versions 3.7.x prior to 3.7.4, 3.6.x prior to 3.6.9, and 3.5.x are affected.
Red Hat Security Advisory 2019-3136-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.
Restaurant Management System version 1.0 suffers from a remote shell upload vulnerability.
VIM version 8.1.2135 suffers from a heap use-after-free vulnerability using freed memory with autocmd.
Ubuntu Security Notice 4157-1 - Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service. Various other issues were also addressed.
ThinVNC version 1.0b1 suffers from an authentication bypass vulnerability.
Red Hat Security Advisory 2019-3135-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.
WordPress Popup Builder plugin version 3.49 suffers from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2019-3134-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.
VMware VeloCloud versions 3.3.0 and 3.2.2 suffer from an authorization bypass vulnerability.
WordPress Soliloquy Lite plugin version 2.5.6 suffers from a persistent cross site scripting vulnerability.
WordPress FooGallery plugin version 1.8.12 suffers from a persistent cross site scripting vulnerability.
Web Companion version 5.1.1035.1047 suffers from a WCAssistantService unquoted service path vulnerability.
WorkgroupMail version 7.5.1 suffers from a WorkgroupMail unquoted service path vulnerability.
BlackMoon FTP Server version 3.1.2.1731 suffers from a BMFTP-RELEASE unquoted service path vulnerability.