Red Hat Security Advisory 2019-1580-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.
Vulnerability - PacketStorm
Red Hat Security Advisory 2019-1579-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. File read and write along with command execution vulnerabilities were addressed.
Ubuntu Security Notice 4019-2 - USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2019-1545-01 - This release of Red Hat Fuse 7.3.1 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
Debian Linux Security Advisory 4465-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from theme Cookie directory traversal and remote code execution vulnerabilities.
BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from dirPath directory traversal and remote code execution vulnerabilities.
Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed _"SACK Panic_," allows a remotely-triggered kernel panic on recent Linux kernels. There are patches that address most of these vulnerabilities. If patches can not be applied, certain mitigations will be effective.
Ubuntu Security Notice 4017-2 - USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. This update provides the corresponding updates for the Linux kernel for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment sequences. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2019-1480-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and null pointer vulnerabilities.
Red Hat Security Advisory 2019-1479-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and null pointer vulnerabilities.
Ubuntu Security Notice 3991-3 - USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. Various other issues were also addressed.
Red Hat Security Advisory 2019-1477-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 75.0.3770.80. Issues addressed include buffer overflow and bypass vulnerabilities.
Debian Linux Security Advisory 4463-1 - Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution (CVE-2019-12816) or denial of service via invalid encoding (CVE-2019-9917).
Spring Security OAuth versions 2.3 prior to 2.3.6 suffer from open redirection vulnerabilities.
Clever Dog Smart Camera types DOG-2W and DOG-2W-V4 suffer from file disclosure, default telnet backdoor credential, and insecure transit vulnerabilities.
Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.
This is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.
This is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and WhitepapersSubscribe to Vulnerability - PacketStorm feed