Ubuntu Security Notice 3926-1 - It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execute arbitrary code.
058b55176716e6cd63fcb744b4f43c0a317967eb921aab15c4951d57ebbc973cDebian Linux Security Advisory 4418-1 - A vulnerability was discovered in the Dovecot email server. When reading FTS or POP3-UIDL headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take advantage of this flaw for privilege escalation or the execution of arbitrary code with the permissions of the dovecot user. Only installations using the FTS or pop3 migration plugins are affected.
5f7320a4f99efebe154199569271623544e4fc88c4a732369e2428dacd8a05c9VMware Security Advisory 2019-0005 - VMware ESXi, Workstation and Fusion updates address multiple security issues.
8846e044c3eed0221d88be8cdf98de3845c9cff19055a8dc95a159383a861134VMware Security Advisory 2019-0004 - VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability.
85cb5465c8927563ed06436a1dd5e042011b7033eb7f1a051de35e22a380d9d1Ubuntu Security Notice 3927-1 - It was discovered that Thunderbird allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
31f9c116262cfb79aaf7ecac00f1cfd19e6694e7443bd751ab7e498952c674a7Ubuntu Security Notice 3918-3 - USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.
c8fd9d8ab5cd95e9687bd37b17543aed9f243feba6dac966b7dd30515278f573Ubuntu Security Notice 3925-1 - It was discovered that an out-of-bounds write vulnerability existed in the XMP Image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution.
1d188fb314c0e123be9abaa5d788cc11655fffa20b40841bd5227b7ee61b1747Red Hat Security Advisory 2019-0679-01 - The libssh2 packages provide a library that implements the SSH2 protocol. Issues addressed include an out of bounds write vulnerability.
a2414a1b44f340e0d42d5ef05c0f4d89a21cbf21917cf010b7b0c5334dfd227bUbuntu Security Notice 3924-1 - It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL. It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information.
050440098b7905b5366401174e130c5f5be982facf561860a0ad8199296d78edRed Hat Security Advisory 2019-0681-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
a1486c6e1fe457cdd37294b00bcfd9666818f80098ec3078a42437a5b36b64b0Red Hat Security Advisory 2019-0680-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Issues addressed include a use-after-free vulnerability.
a3960d8852a7b0389942bc12f66d26ac8c372453dd98cd9423aa0334c3c9745aSlackware Security Advisory - New gnutls packages are available for Slackware 14.2 and -current to fix security issues.
301402e890f45c8fe4cae41b2db75126717ea85d95be8f3658c5fe2c36832ba8Apple Security Advisory 2019-3-27-1 - watchOS 5.2 is now available and addresses buffer overflow and code execution vulnerabilities.
32ea7665f2a5f3668f2773fefd23845585f60b71ea1ca19d105a134a768c7b44Gentoo Linux Security Advisory 201903-23 - Multiple vulnerabilities have been found in Chromium, the worst of which could result in the remote execution of code. Versions less than 73.0.3683.75 are affected.
0d758e392119bc08e7cd6fc9d8eb0febf9dc6149e7e5fd26f8a4b2a5e96d918fGentoo Linux Security Advisory 201903-22 - An overflow was discovered in ZeroMQ which could lead to arbitrary code execution. Versions less than 4.3.1 are affected.
369fd084812b4a33195bab4ed061f4af8ecfca25a6f5c4e5d440330adf785501Gentoo Linux Security Advisory 201903-21 - Multiple vulnerabilities have been found in Apache Web Server, the worst of which could result in a Denial of Service condition. Versions less than 2.4.38-r1 are affected.
3369fcf2fa83fa333a273a54c49a32700989b254b926ea600e23ca5cfd2463c4Gentoo Linux Security Advisory 201903-20 - Multiple vulnerabilities have been found in cabextract and libmspack, the worst of which could result in a Denial of Service. Versions less than 1.8 are affected.
f6cc6c4509246d480adeaa1577b14cf69fbde2f3438f43221621f90493f9137aGentoo Linux Security Advisory 201903-19 - Multiple vulnerabilities have been found in NASM, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.14.02 are affected.
5169c28e2886caf3cf570b40fff2a4af5a5f2a94b75b57715fb66994435e9c20Gentoo Linux Security Advisory 201903-18 - Multiple vulnerabilities have been found in GD, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.5-r2 are affected.
1d37ab9ca2e7fff5ccebddafafb28ae0b10fe4c7a72c0a7ba6a91459db606e08Gentoo Linux Security Advisory 201903-17 - Multiple vulnerabilities have been found in the image loading library for Simple DirectMedia Layer, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.0.4 are affected.
5cb36cfcb59a08e2b10834307d984823deaeb727c2f5b6ca3f78cfe7dd717c50Ubuntu Security Notice 3923-1 - Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read or write arbitrary files and cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10. Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol. An attacker inside the guest could use this issue to read arbitrary files, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
bd50cf4e3724dde4eca89acd01b984093f41b59050ef6cddd19b55a916c3b163Red Hat Security Advisory 2019-0672-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.
a66e07d0056a772de65564f6604eb67706b5f09c2226b7789a271c9c481ea630Red Hat Security Advisory 2019-0671-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR.
5384e9fcb533149326a741c9c1a106aee3dd186a89e17054dc29950e438e6d53Razer laptops ship with SPI flash set to full read/write and the Intel CPU is left in ME Manufacturing Mode.
7d678619ab5a9fdf0463c198c9e4b917336b325215c49776175af01fad3b75d0EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. Affected includes EMC NetWorker versions 8.2.x, versions 9.0.x, versions prior to 9.1.1.5, and versions prior to 9.2.1.
66870bbfcda2e853c60f884ceb3c02b01afe04b67bf39ddb8d2eae51ae0edfb0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed