Thu, 12 Jul 2018 22:11:49 GMT
Barracuda ADC 5.x Cross Site Scripting
Barracuda ADC version 5.x suffers from cross site scripting vulnerabilities.
Wed, 11 Jul 2018 22:10:29 GMT
Zeta Producer Desktop CMS 14.2.0 Code Execution / File Disclosure
Zeta Producer Desktop CMS versions 14.2.0 and below suffer from code execution and file disclosure vulnerabilities.
Wed, 11 Jul 2018 22:07:07 GMT
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.
Wed, 11 Jul 2018 22:06:47 GMT
Red Hat Security Advisory 2018-2175-01
Red Hat Security Advisory 2018-2175-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 188.8.131.52. Issues addressed include code execution and information leakage vulnerabilities.
Wed, 11 Jul 2018 15:36:35 GMT
Red Hat Security Advisory 2018-2172-01
Red Hat Security Advisory 2018-2172-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and denial of service vulnerabilities.
Wed, 11 Jul 2018 15:27:41 GMT
Debian Security Advisory 4243-1
Debian Linux Security Advisory 4243-1 - Several vulnerabilities were discovered in CUPS, the Common UNIX Printing System.
Wed, 11 Jul 2018 15:24:14 GMT
Secutech DSL WR RIS 330 Cross Site Scripting
Secutech DSL WR RIS 330 suffers from bypass and cross site scripting vulnerabilities.
Wed, 11 Jul 2018 10:11:11 GMT
WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffers from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.
Wed, 11 Jul 2018 10:11:11 GMT
Red Hat Security Advisory 2018-2167-01
Red Hat Security Advisory 2018-2167-01 - .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.12, 1.1.9, 2.0.9, and 2.1.2. These versions correspond to the July 2018 security release by .NET Core upstream projects.
Wed, 11 Jul 2018 02:48:28 GMT
Barracuda ADC 5.x Filter Bypass / Cross Site Scripting
Barracuda ADC versions 5.x suffer from filter bypass and cross site scripting vulnerabilities.
Wed, 11 Jul 2018 02:45:46 GMT
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM QRadar SIEM has three vulnerabilities in the Forensics web application that when chained together allow an attacker to achieve unauthenticated remote code execution. The first stage bypasses authentication by fixating session cookies. The second stage uses those authenticated session cookies to write a file to disk and execute that file as the "nobody" user. The third and final stage occurs when the file executed as "nobody" writes an entry into the database that causes QRadar to execute a shell script controlled by the attacker as root within the next minute. Details about these vulnerabilities can be found in the advisories listed in References. The Forensics web application is disabled in QRadar Community Edition, but the code still works, so these vulnerabilities can be exploited in all flavors of QRadar. This Metasploit module was tested with IBM QRadar CE 7.3.0 and 7.3.1. IBM has confirmed versions up to 7.2.8 patch 12 and 7.3.1 patch 3 are vulnerable. Due to payload constraints, this module only runs a generic/shell_reverse_tcp payload.
Tue, 10 Jul 2018 20:22:00 GMT
Red Hat Security Advisory 2018-2164-01
Red Hat Security Advisory 2018-2164-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, information leakage, and use-after-free vulnerabilities.
Tue, 10 Jul 2018 14:02:22 GMT
Ubuntu Security Notice USN-3705-2
Ubuntu Security Notice 3705-2 - USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF protections, obtain sensitive information, or execute arbitrary code. A security issue was discovered with WebExtensions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain full browser permissions. Various other issues were also addressed.
Mon, 09 Jul 2018 23:22:22 GMT
Apple Security Advisory 2018-7-9-7
Apple Security Advisory 2018-7-9-7 - iTunes 12.8 for Windows is now available and addresses code execution and denial of service vulnerabilities.
Mon, 09 Jul 2018 21:11:11 GMT
Apple Security Advisory 2018-7-9-6
Apple Security Advisory 2018-7-9-6 - iCloud for Windows 7.6 is now available and addresses code execution and denial of service vulnerabilities.
Mon, 09 Jul 2018 20:20:22 GMT
Apple Security Advisory 2018-7-9-5
Apple Security Advisory 2018-7-9-5 - Safari 11.1.2 is now available and addresses code execution and denial of service vulnerabilities.
Mon, 09 Jul 2018 19:22:22 GMT
Apple Security Advisory 2018-7-9-4
Apple Security Advisory 2018-7-9-4 - macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan are now available and address information leakage vulnerabilities.
Mon, 09 Jul 2018 14:44:44 GMT
Apple Security Advisory 2018-7-9-3
Apple Security Advisory 2018-7-9-3 - tvOS 11.4.1 is now available and addresses code execution and denial of service vulnerabilities.
Mon, 09 Jul 2018 10:11:11 GMT
Apple Security Advisory 2018-7-9-2
Apple Security Advisory 2018-7-9-2 - watchOS 4.3.2 is now available and addresses code execution and denial of service vulnerabilities.
Fri, 06 Jul 2018 13:13:13 GMT
Apple Security Advisory 2018-7-9-1
Apple Security Advisory 2018-7-9-1 - iOS 11.4.1 is now available and addresses code execution and denial of service vulnerabilities.
Thu, 05 Jul 2018 22:33:00 GMT
SeoChecker 1.9.2 Cross Site Scripting
SeoChecker Umbraco CMS plugin version 1.9.2 suffers from stored cross site scripting vulnerabilities.
Thu, 05 Jul 2018 16:30:31 GMT
Debian Security Advisory 4240-1
Debian Linux Security Advisory 4240-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.
Wed, 04 Jul 2018 20:22:22 GMT
Red Hat Security Advisory 2018-2143-01
Red Hat Security Advisory 2018-2143-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.0.1 serves as an update to Red Hat Decision Manager 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and denial of service vulnerabilities.
Wed, 04 Jul 2018 20:22:22 GMT
Intel Processor Diagnostic Tool (IPDT) Privilege Escalation
Intel Processor Diagnostic Tool (IPDT) versions prior to 184.108.40.206 suffer from three code execution and privilege escalation vulnerabilities.
Sophos SafeGuard Privilege Escalation
Sophos SafeGuard Enterprise versions 8.00.4 and earlier, SafeGuard Easy versions 7.00.2.35 and earlier, and SafeGuard LAN Crypt versions 220.127.116.11 and earlier suffer from privilege escalation vulnerabilities.