gVisor Sentry permits access to the renameat() syscall. As the sentry is not chrooted, it permits renaming files in the host system.
27c9dae5477db27a88105ca79f7540d5dd144ce2e235bd03195740baacaa98b1CA Technologies Support is alerting customers to a potential risk with CA Release Automation. A vulnerability exists that can allow an attacker to potentially execute arbitrary code. The vulnerability has a high risk rating and concerns insecure deserialization of a specially crafted serialized object, which can allow an attacker to potentially execute arbitrary code.
4fc4b066351e50f874af68872fd64d5bec84276aff293512264657be23e122caCA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is running, to run arbitrary CA UIM commands on machines where the CA UIM probes are running. An attacker can also gain access to other machines running CA UIM and access the filesystems of those machines. The first vulnerability, has a medium risk rating and concerns a hardcoded secret key, which can allow an attacker to access sensitive information. The second vulnerability has a medium risk rating and concerns a hardcoded passphrase, which can allow an attacker to access sensitive information. The third vulnerability has a high risk rating and concerns a lack of authentication, which can allow a remote attacker to conduct a variety of attacks, including file reading/writing. Affected versions include 8.5.1, 8.5, and 8.4.7.
a4455b199d6346df10c220027991719705141f33a067ce43f7b651f5e6a4d79dMicro Focus Security Bulletin MFSBGN03820 1 - A potential vulnerability has been identified in Micro Focus Autopass License Server (APLS) available as part of Micro Focus Hybrid Cloud Management (HCM) containerized suites. The vulnerability could be exploited to Remote Code Execution. Revision 1 of this advisory.
2d61619a06d676e06eb6194e9e310405d9af8f5af14deeeb16794a2c247e7989Micro Focus Security Bulletin MFSBGN03818 1 - A potential vulnerability has been identified in Micro FocusContainer Deployment Foundation (CDF) available as part of Micro Focus Operations Bridge containerized suite. The vulnerabilities could be exploited to Remote Code Execution. Revision 1 of this advisory.
434ce79168901c4de4e54a19861be652cfb8972f7a11603853db68e982fe5c63Micro Focus Security Bulletin MFSBGN03815 1 - A potential vulnerabilities has been identified in Micro Focus Autopass License Server (APLS) and Container Deployment Foundation (CDF) available as part of Micro Focus Data Center Automation Containerized (DCA) suite. The vulnerabilities could be exploited to remote code execution. Revision 1 of this advisory.
92cc347b87900ab47e8d5d81001d8c92997d43e647ae08e4f7333be8488113ddMicro Focus Security Bulletin MFSBGN03814 1 - A potential vulnerabilities has been identified in Micro Focus Autopass License Server (APLS) and Container Deployment Foundation (CDF) available as part of Micro Focus Service Management Automation (SMA) containerized suites. The vulnerabilities could be exploited to Remote Code Execution. Revision 1 of this advisory.
66bdf24a6c3b8403b98e4f0e593e4e03ee3a86ded9ccc38f3fdaa47ff8bbd894Micro Focus Security Bulletin MFSBGN03817 1 - A potential vulnerability has been identified in Micro Focus Autopass License Server (APLS) available as part of Micro Focus Operations Bridge containerized suite. The vulnerabilities could be exploited to Remote Code Execution. Revision 1 of this advisory.
7f1aa2c2fe10375f9faaed80c930f6ff9cdac79689336fb113ef1592ca2b5365Micro Focus Security Bulletin MFSBGN03813 1 - A potential vulnerabilities has been identified in Micro Focus Autopass License Server (APLS) and Container Deployment Foundation (CDF) available as part of Micro Focus Network Operations Management (NOM) Suite CDF. The vulnerabilities could be exploited to Remote Code Execution. Revision 1 of this advisory.
e0f22b9b84fc8081355ec2a3d521b33a94614093adcf2b9bd77407a8160b1634Ubuntu Security Notice 3758-2 - USN-3758-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM. Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information Various other issues were also addressed.
b1d6792129f791160d4e56eab3a21ec99a7b958cec1b84aae3d82f43a420a4d0Ubuntu Security Notice 3758-1 - Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. It was discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
bd78445efe37ef2e6022b7e5233dcf492032651e8430f3d4a36415c1e023882cRed Hat Security Advisory 2018-2602-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory vulnerabilities.
f6b54b09c6a2d9f3064c6d9bccdcf343bb3d049d98acdfd1f89cf311ab6000f2Signal on iOS (createGenericPreview) fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed resulting in a forced restart of the device.
4ce0fd326dc93a64974504c4ab0ac1e15d0fa7780f726f470d93cae7645a7678Micro Focus Security Bulletin MFSBGN03812 1 - A potential security vulnerability has been identified in Micro Focus Application Performance Management. The vulnerability could be remotely exploited to remote cross-site tracing and Remote Disclosure of Information. Revision 1 of this advisory.
036ae2ebc4885aadfd00524527301c924ad6d398156ccf5f97b9ecd58df42728Red Hat Security Advisory 2018-2598-01 - OpenDaylight is a modular open platform for customizing and automating networks of any size and scale. The OpenDaylight Project arose out of the SDN movement, with a clear focus on network programmability. Issues addressed include a denial of service vulnerability.
52b6589c17a7e7105836c225c8116a4c762b274e3e99d888b8f0fa31bcb41619Red Hat Security Advisory 2018-2603-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory vulnerabilities.
3d81e96dde42a990c58ceedf86f6ffc84242f9f9b4c00806585ade31a234b825Red Hat Security Advisory 2018-2585-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include code execution and information leakage vulnerabilities.
c2f7fbc80a1e3aef3f121319c8acd42c0aa36597f4908da7a0a51c7f2be8bcddUbuntu Security Notice 3757-1 - Hosein Askari discovered that poppler incorrectly handled certain PDF files. An attacker could possible use this issue to cause a denial of service.
b86c980fc102c2b2063bceaad5f2650f8a38ec10c0c75e56c27c61a827da3c32Debian Linux Security Advisory 4281-1 - Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.
604c5094b1c4bc66945081a57708d07c2e803518e043a3487002861f782bc32cSlackware Security Advisory - New kernel packages are available for Slackware 14.2 to mitigate security issues.
ea856943ce3323e90a62f9f0444ae61a7c2cd21247544d82273f957d98b39be2RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exhaustion, integer overflow, improper clearing of heap memory, covert timing channel, and buffer over-read vulnerabilities.
583e0d3b08d53b6fe4e94e98b388350b2654a17ad7e0454e211d8b07e6edde82Ubuntu Security Notice 3752-3 - It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
df405822058b07d43330a4315ada3e76a4b71ec3918d891cc128c577470eaa65Red Hat Security Advisory 2018-2576-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Issues addressed include denial of service and traversal vulnerabilities.
4b188d1b15ec7339ac307092c0aa9ab9a2507855f0fc347e6a99f9dfc3bcde8cRed Hat Security Advisory 2018-2575-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Issues addressed include denial of service and traversal vulnerabilities.
23b1e7103f814a2701427f105de8aeeedf3a5b0e15d6ccbb1452af8c7f352335Red Hat Security Advisory 2018-2572-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2019, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.4 AMC after February 28, 2019.
fdb6aa505d93686809c13d198cc2a804535e5e6ed5300c098904ef0da7b63fc3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed