Ubuntu Security Notice 3885-2 - USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output. Various other issues were also addressed.
Red Hat Security Advisory 2019-0451-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 5.0 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults in the CORS filter.
Red Hat Security Advisory 2019-0450-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.0 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 5.0 Service Pack 1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults in the CORS filter.
Red Hat Security Advisory 2019-0447-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.4 will be retired as of August 31, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.4 EUS after August 31, 2019.
Red Hat Security Advisory 2019-0442-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.4 AMC after February 28, 2019.
Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Debian Linux Security Advisory 4387-2 - It was found that a security update (DSA-4387-1) of OpenSSH, an implementation of the SSH protocol suite, was incomplete. This update did not completely fix CVE-2019-6111, an arbitrary file overwrite vulnerability in the scp client implementing the SCP protocol.
SAP J2EE Engine/7.01/Fiori suffers from a cross site scripting vulnerability in /ctcprotocol/Protocol.
SAP J2EE Engine/7.01/Fiori suffers from a cross site scripting vulnerability in /TestJDBC_Web/test2.
SAP J2EE Engine/7.01/Portal/EPP suffers from a cross site scripting vulnerability in /ctcprotocol/Protocol.
Craft CMS version 3.1.12 Pro suffers from a cross site scripting vulnerability.
Bold CMS version 3.6.4 suffers from a cross site scripting vulnerability.
Slackware Security Advisory - New infozip packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Ability Mail Server version 4.2.6 suffers from a persistent cross site scripting vulnerability.
Mailtraq WebMail version 2.17.7.3550 suffers from a persistent cross site scripting vulnerability.
Microsoft Edge Chakra version 1.11.4 proof of concept exploit for an out-of-bounds read via type confusion.
zzzphp CMS version 1.6.1 suffers from a cross site request forgery vulnerability.
11-byte Linux/x64 shellcode that kills all processes.
43-byte Linux/x86 shellcode that runs iptables -F.
WordPress WP-DreamworkGallery plugin version 2.3 suffers from cross site request forgery and remote shell upload vulnerabilities.
1C-Bitrix Site Management Russia version 2.0 suffers from an open redirection vulnerability.
Joomla ModPPCSimpleSpotLight module versions 1.2 and 3.0 suffer from cross site request forgery and remote shell upload vulnerabilities.
44-byte Linux/x86 execve() /bin/sh shellcode with a NOT encoder and decoder. This encoding technique is useful for bypassing some AV systems.
Kache as of commit de2c39491625c3f087027be961a17191e85f6d30 suffers from a cross protocol request forgery vulnerability.
Xoops version 1.0.2 with PD-Links module version 1.0 suffers from a database disclosure vulnerability.