Thu, 18 Oct 2018 03:51:21 GMT
iOS / macOS MIG Sandbox Escape
iOS and macOS suffer from sandbox escape vulnerabilities due to MIG failing to use correct out-of-line descriptor lengths when parsing reply messages.
Thu, 18 Oct 2018 03:49:30 GMT
Red Hat Security Advisory 2018-2939-01
Red Hat Security Advisory 2018-2939-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Security fix: jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries spring-framework: Address partial fix for CVE-2018-1270 Issues addressed include bypass, code execution, denial of service, and traversal vulnerabilities.
Thu, 18 Oct 2018 03:47:09 GMT
WordPress Wordfence 7.1.12 XSS / Username Disclosure
WordPress Wordfence plugin version 7.1.12 suffers from bypass, cross site scripting, and path disclosure vulnerabilities.
Wed, 17 Oct 2018 15:54:16 GMT
D-Link Plain-Text Password Storage / Code Execution / Directory Traversal
Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities.
Wed, 17 Oct 2018 15:51:32 GMT
LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting
LANGO Codeigniter Multilingual Script version 1.0 suffers from html injection and cross site scripting vulnerabilities.
Wed, 17 Oct 2018 15:42:22 GMT
Dell EMC ESRS Virtual Edition Information Handling
Dell EMC Secure Remote Services Virtual Edition versions prior to 3.32.00.08 suffer from improper file permission, plaintext password storage, and information exposure vulnerabilities.
Wed, 17 Oct 2018 15:42:07 GMT
Red Hat Security Advisory 2018-2925-01
Red Hat Security Advisory 2018-2925-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.
Wed, 17 Oct 2018 15:41:36 GMT
Red Hat Security Advisory 2018-2933-01
Red Hat Security Advisory 2018-2933-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.
Wed, 17 Oct 2018 15:40:29 GMT
Red Hat Security Advisory 2018-2930-01
Red Hat Security Advisory 2018-2930-01 - Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.11 release serves as a replacement for JBoss Operations Network 3.3.10, and includes several bug fixes. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
Wed, 17 Oct 2018 15:40:19 GMT
Red Hat Security Advisory 2018-2927-01
Red Hat Security Advisory 2018-2927-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include cross site scripting, denial of service, deserialization, information leakage, and remote SQL injection vulnerabilities.
Mon, 15 Oct 2018 16:52:59 GMT
Red Hat Security Advisory 2018-2924-01
Red Hat Security Advisory 2018-2924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.
Mon, 15 Oct 2018 16:42:47 GMT
Centos Web Panel 0.9.8.480 XSS / LFI / Code Execution
Centos Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.
Fri, 12 Oct 2018 16:22:13 GMT
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Remote Root
The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec function in res.php and palette.php file. This can be exploited to inject arbitrary system commands and gain root remote code execution.
Fri, 12 Oct 2018 16:16:15 GMT
Teltonika RUT9XX Reflected Cross Site Scripting
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
Fri, 12 Oct 2018 16:10:44 GMT
Teltonika RUT9XX Unauthenticated OS Command Injection
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Wed, 10 Oct 2018 17:39:07 GMT
Cockpit CMS CSRF / XSS / Path Traversal
Cockpit CMS suffers from cross site request forgery, cross site scripting, and traversal vulnerabilities. Version 0.6.2 should address these issues.
Wed, 10 Oct 2018 17:38:30 GMT
Ubuntu Security Notice USN-3781-2
Tue, 09 Oct 2018 20:32:22 GMT
Red Hat Security Advisory 2018-2902-01
Red Hat Security Advisory 2018-2902-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.1.1 and 1.0.13. These versions correspond to the October 2018 security release by .NET Core upstream projects. Issues addressed include an information leakage vulnerability.
Tue, 09 Oct 2018 16:59:58 GMT
NPLUG Wireless Repeater 18.104.22.168 CSRF / XSS / Authentication Bypass
NPLUG Wireless Repeater version 22.214.171.124 suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities.
Tue, 09 Oct 2018 16:58:43 GMT
Debian Security Advisory 4313-1
Debian Linux Security Advisory 4313-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Tue, 09 Oct 2018 16:57:23 GMT
Apple Security Advisory 2018-10-08-2
Apple Security Advisory 2018-10-08-2 - iCloud for Windows 7.7 is now available and addresses code execution vulnerabilities.
Tue, 09 Oct 2018 14:44:44 GMT
Debian Security Advisory 4312-1
Debian Linux Security Advisory 4312-1 - Several vulnerabilities were discovered in tinc, a Virtual Private Network (VPN) daemon.
Mon, 08 Oct 2018 23:57:44 GMT
net-snmp 5.7.3 Denial Of Service
Full advisory and proof of concept information for denial of service vulnerabilities in net-snmp version 5.7.3.
Mon, 08 Oct 2018 16:15:09 GMT
Red Hat Security Advisory 2018-2884-01
Red Hat Security Advisory 2018-2884-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.2 ESR. Issues addressed include type confusion and out-of-bounds read vulnerabilities.
Cisco Prime Infrastructure Unauthenticated Remote Code Execution
Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 126.96.36.199.258 and 188.8.131.52.348. Earlier and later versions might also be affected, although 184.108.40.206.348 is the latest at the time of writing.
view page: 331