An issue was discovered in CMS Made Simple version 2.2.8. In the DesignManager module (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), an unprivileged user with Designer permission can reach an unserialize call with a crafted value in the m1_allparms parameter and achieve object injection. This Metasploit module has been successfully tested on CMS Made Simple versions 2.2.6, 2.2.7, 2.2.8, 2.2.9 and 2.2.9.1.
89958144f8e021770610570a9f70bd342705de89876594b1eeaf56a68799f77d
Siemens Desigo PX version 6.00 remote denial of service exploit.
7f494cc9c1a27d4f697b49ba93c7eaabc5b0551cb9eb7e1d4c78be7c37e6fb05
MicroStrategy Library suffers from a cross-site scripting vulnerability. Version 11.1.3 has the patch.
8092b86568b95c9b394ff20579a70fe8189366b83f6a7d085a2be7b2ec163e66
Scanguard versions through 2019-11-12 on Windows have insecure permissions for the installation directory, leading to privilege escalation via a trojan horse executable file.
12643e28158492899f52e92bbc5e77ba369893a4dd0a17e789ee127277138b91
On November 12, fixes for several high-severity Intel processor CVEs were released into the Ubuntu kernel, accompanied by a related processor microcode update. Due to the high complexity of the fixes and the required microcode update, we are unable to livepatch this set of CVEs. Please plan to reboot into an updated kernel as soon as possible. Various other issues were also addressed.
fff054687351f5cc49fca94a5fcdb39159f4d22bc5f7c2a6ae86bde91ebf2607
Red Hat Security Advisory 2019-3871-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write was addressed.
09573029322994d189d64b2bac360ee54a5e090a0db28c46bf36aa31a143acd6
Red Hat Security Advisory 2019-3870-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. An arbitrary kernel memory write was addressed.
5cc02634599999cf1a4cbdfb780d875aafb22c7ac385caf2bf9b699d1dbb7196
Ubuntu Security Notice 4189-1 - Jason Wang discovered that DPDK incorrectly handled certain messages. An attacker in a malicious container could possibly use this issue to cause DPDK to leak resources, resulting in a denial of service.
4dd2c97b9926713dc242ff1dd2be7ba5699970810075c1851261ec87c8fc606d
Ubuntu Security Notice 4186-2 - USN-4186-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Stephan van Schaik, Alyssa Milburn, Sebastian
94710aa91a6ba3adbd95a25aeedff5ae45bd7988fba5c2c8b4a4a7314588dd48
Debian Linux Security Advisory 4563-1 - These vulnerabilities have been discovered in the webkit2gtk web engine.
7aa4a37d1e01c63ee6cb3c20cfea3d43af77a2249ee0dcb6b4b1b9b4c6bc03b2
Debian Linux Security Advisory 4567-1 - It was discovered that the vhost PMD in DPDK, a set of libraries for fast packet processing, was affected by memory and file descriptor leaks which could result in denial of service.
bddd49b7817f1c4c15edd86d502a2dea39a1f9ee460b62d25ba7a5337c824b14
Debian Linux Security Advisory 4566-1 - This update for QEMU, a fast processor emulator, backports support for passing through the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, allowing iTLB Multihit mitigations to be disabled in nested hypervisors (cf. DSA 4564-1).
27fdecefd8a90f8e917955b27b2b22f3c8d8566fb084bbea305fc2d714f3319d
Debian Linux Security Advisory 4565-1 - This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages as released in DSA 4564-1.
3a81ef658521dac17d5c54310ca11aa2272cfceedd7d09213169824681b48ded
Ubuntu Security Notice 4186-1 - Stephan van Schaik, Alyssa Milburn, Sebastian
7d27eb8f1a4ec37029860cc69aadb966e41476876ffc59df718356fc39b6616c
Ubuntu Security Notice 4188-1 - Stephan van Schaik, Alyssa Milburn, Sebastian
169c6acb06ea9b69fcd9e1af6f529cba3fed984c770a8ff4978c0e2c9805fec8
Ubuntu Security Notice 4185-2 - Stephan van Schaik, Alyssa Milburn, Sebastian
9c95fb66f6929b93af8771484a71f01d17ae663f07ae42d91dfef67ad2033bd9
Ubuntu Security Notice 4187-1 - Stephan van Schaik, Alyssa Milburn, Sebastian
565f4631a4b71b8b29cd795e4c06d8e7aa50549c72c934351cfe6e3352563824
Ubuntu Security Notice 4185-1 - Stephan van Schaik, Alyssa Milburn, Sebastian
22566b06cb0f84e84c70bd2f7753938453b11eb1dd6a1c29a71451a1f30f56b0
Ubuntu Security Notice 4184-1 - Stephan van Schaik, Alyssa Milburn, Sebastian
f763ad9fa1bb0569d1a1d43b73964d4d5336d7ffb344ff8b467dbf4ab792b730
Ubuntu Security Notice 4183-1 - Stephan van Schaik, Alyssa Milburn, Sebastian
b0fa29cc4d567833d14869e133418cfc7ee6efd0a109277e3959075ccc278c0d
Ubuntu Security Notice 4182-2 - USN-4182-2 provided updates for Intel Microcode. This update provides the corresponding update for Ubuntu 14.04 ESM. Stephan van Schaik, Alyssa Milburn, Sebastian
b79550d9297411f2ce3e0f448933b8a681769544f533263e6499a7e7cc2957ee
Ubuntu Security Notice 4182-1 - Stephan van Schaik, Alyssa Milburn, Sebastian
7621dfa7ac68aa30bd4ac40ed521d6601402022bf55e139aaa83efbc1c2b3d96
gSOAP version 2.8 suffers from a directory traversal vulnerability.
10e3f480d11820c7ca0b9b68a2bc1ee47cdcfadb6e020a9d09309e174ef9005d
Whitepaper called YAML Deserialization Attack in Python.
2204b83dc5da1e50696b4bda72cb44723b4f12baa7a7f8e0f25680128ca70c4f
Fastweb Fastgate version 0.00.81 suffers from a remote code execution vulnerability.
557f84216ca9da5834ddd16765c21326f283d51762a21b3b2bf22a1281dfa710