Red Hat Security Advisory 2019-0367-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.
7fc6ff287841b94de3a16d48a7a29e072b8a385a22fc3abffb52431844efbda6
Ubuntu Security Notice 3891-1 - It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service.
0339a4b6bd2cb6bb7568dd845c47138a60750bc8ad7030a395a499ca3c392eb6
Ubuntu Security Notice 3850-2 - USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
7498b43104d4fb07034d4fa82fae12b25b42d1e94165a25a6a94e278d49e0473
Red Hat Security Advisory 2019-0365-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross-site scripting vulnerability.
6e0db3fe2f3f38836bb6573608efad79fe56089340c18ecdc05321a13b97597d
Red Hat Security Advisory 2019-0361-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include stack overflow vulnerabilities.
a5a8677c8603e96cdd87eb005aaaf0c1f9ed17b0b6b3a027414690708ca0df13
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of TrueType fonts, during rendering in AlternateSubstitutionSubtable::process.
711068adf214eb589d571d06d8497f1cfb5051a638536518b30c31c08d5d0231
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of TrueType fonts, during rendering in ExtractBitMap_blocClass.
c633eac93bf0e7c462b6b00a53b37cc8e7ff75a886777b884ba9d2a9adddd340
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of TrueType fonts, during rendering in OpenTypeLayoutEngine::adjustGlyphPositions.
8072fd67d9119178fb46d344eb4a8fda71b6df05c2e1c3da919b750402bf6b0d
A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 while fuzz-testing the processing of OpenType fonts.
4d8d5ca2f36f83581e05d720df16bb20df75234f7e22c3f5f23ea14ed72874eb
HTMLy version 2.7.4 suffers from multiple cross-site scripting vulnerabilities.
5a0e6ad8f0731b3065fd79409e57a51988630faa8088ba321276e393f8e43929
Comodo Dome Firewall version 2.7.0 suffers from multiple cross-site scripting vulnerabilities.
a92833378080dfd78664c2b360148fb3735ab98a8a408748ac9e77ec9014cc9e
123-byte null-free macOS shellcode that binds /bin/sh to TCP port 4444.
2ae279dcca014cf3fb5d2a1caa2873885ccfdbaea4d0012dccab31d215c3a810
Debian Linux Security Advisory 4388-2 - Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue.
b43a3f2f313bf01fb7950f72211f33e520a48661914365cf7e3ca80f5ae831c5
Master IP CAM 01 version 3.3.4.2103 suffers from a remote command execution vulnerability.
d4835f4008493fb981a289512401ccbca524365b3c2b147e4f87931b9834929d
ArangoDB Community Edition version 3.4.2-1 suffers from a cross-site scripting vulnerability.
aee24f10569d33e88aa79925ddd679cb7cfe662f38779e70e85a751c56d43a63
qdPM version 9.1 suffers from multiple cross-site scripting vulnerabilities.
695024bcdea254b0592b99bd9b63b1eec7e0fc742b5f5644d8bfef42062983ec
Apache CouchDB version 2.3.0 suffers from multiple cross-site scripting vulnerabilities.
254a41d5efcfb8e353d98e826e4ea9db25e1337b6a73870abb1e55158dee2698
CMSsite version 1.0 suffers from a remote SQL injection vulnerability in post.php. This version of the software has been known to have SQL injection vulnerabilities since 2010.
520d54ec30d8845249e3443a9a454bb3a21871ab47483c383f7426cc6179870b
mIRC versions prior to 7.55 suffer from a remote command execution vulnerability via argument injection through custom URI protocol handlers.
6f1c40c614535f927e40939d24ffe9b2e0da77480bb7fc7d0d3e5f38d8b8cf45
Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that yields a root shell.
838b664bf9b3618f4f631fc67191bcc847222a289937e69e4532983b25620156
Realterm Serial Terminal version 2.0.0.70 local buffer overflow SEH exploit.
5a7dc8b374faa259272cbfd4f7c08b6f381ae5cfbddb3015c6ec566ab45bfd5a
Debian Linux Security Advisory 4392-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.
4c871fbac5c3ba2c4e1350c97e650c929c2ea4bcb6654865928a2d98f8192768
MISP version 2.4.97 suffers from SQL command execution via command injection in the STIX module.
7811b39328165265cb2aa54957fa6ff771eb36c20405170ff7465a76d6933941
31-byte null-free macOS execve(/bin/sh) shellcode.
020c83d8d534ce8b9582c5dc0959895b312347181b8dc1d0fea9d37d1498fc43
129-byte macOS shellcode that binds to TCP port 4444 over IPv6.
d10f577bae02e2cd55160cc316fbbb711090e08106dd836f13a6c650be8fa06b