Critical Infrastructure

Advisories

  • Debian Security Advisory 4573-1 Tue, 19 Nov 2019 15:26:09 GMT
    Debian Linux Security Advisory 4573-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.
  • Red Hat Security Advisory 2019-3908-01 Tue, 19 Nov 2019 15:24:53 GMT
    Red Hat Security Advisory 2019-3908-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. An issue where Intel GPU blitter manipulation can allow for arbitrary kernel memory write was addressed.
  • Debian Security Advisory 4572-1 Tue, 19 Nov 2019 15:19:43 GMT
    Debian Linux Security Advisory 4572-1 - It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, did not escape strings when importing an archive file into the accounting_storage/mysql backend, resulting in SQL injection.
  • Red Hat Security Advisory 2019-3906-01 Tue, 19 Nov 2019 15:17:09 GMT
    Red Hat Security Advisory 2019-3906-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Go has been updated to address unbounded memory growth issues.
  • Red Hat Security Advisory 2019-3905-01 Tue, 19 Nov 2019 15:14:49 GMT
    Red Hat Security Advisory 2019-3905-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.11.154. Issues addressed include a denial of service vulnerability.
  • Ubuntu Security Notice USN-4196-1 Mon, 18 Nov 2019 15:30:43 GMT
    Ubuntu Security Notice 4196-1 - It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service. It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker could use this issue to perform certain malleability attacks. Various other issues were also addressed.
  • Debian Security Advisory 4571-1 Mon, 18 Nov 2019 15:28:57 GMT
    Debian Linux Security Advisory 4571-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.
  • Red Hat Security Advisory 2019-3901-01 Mon, 18 Nov 2019 15:27:40 GMT
    Red Hat Security Advisory 2019-3901-01 - Red Hat OpenShift Application Runtimes provide an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Vert.x 3.8.3 includes security updates, bug fixes, and enhancements. For more information, see the release notes linked to in the References section. Issues addressed include code execution and deserialization vulnerabilities.
  • Ubuntu Security Notice USN-4195-1 Mon, 18 Nov 2019 15:27:19 GMT
    Ubuntu Security Notice 4195-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
  • Debian Security Advisory 4570-1 Mon, 18 Nov 2019 15:25:36 GMT
    Debian Linux Security Advisory 4570-1 - A vulnerability was discovered in mosquitto, an MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack overflow and daemon crash) by sending a specially crafted SUBSCRIBE packet containing a topic with an extremely deep hierarchy.
  • Red Hat Security Advisory 2019-3898-01 Mon, 18 Nov 2019 15:23:27 GMT
    Red Hat Security Advisory 2019-3898-01 - Libcomps is a library for structure-like manipulation of the content of comps XML files. It supports reading and writing XML files and structure modification. A use-after-free vulnerability was addressed.
  • Slackware Security Advisory - Slackware 14.2 kernel Updates Mon, 18 Nov 2019 15:22:09 GMT
    Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix security issues.
  • Debian Security Advisory 4569-1 Mon, 18 Nov 2019 15:12:56 GMT
    Debian Linux Security Advisory 4569-1 - Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the -dSAFER sandbox.
  • Red Hat Security Advisory 2019-3895-01 Mon, 18 Nov 2019 15:10:33 GMT
    Red Hat Security Advisory 2019-3895-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.
  • Debian Security Advisory 4568-1 Mon, 18 Nov 2019 15:08:07 GMT
    Debian Linux Security Advisory 4568-1 - Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
  • Raritan CommandCenter Secure Gateway XML Injection Fri, 15 Nov 2019 21:32:42 GMT
    Raritan CommandCenter Secure Gateway versions prior to 8.0.0 suffer from an XML external entity injection vulnerability. A remote unauthenticated attacker may use this vulnerability to cause disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
  • Centraleyezer Shell Upload Fri, 15 Nov 2019 21:24:09 GMT
    Centraleyezer suffers from a remote shell upload vulnerability.
  • Red Hat Security Advisory 2019-3892-01 Fri, 15 Nov 2019 16:16:10 GMT
    Red Hat Security Advisory 2019-3892-01 - This release of Red Hat Fuse 7.5.0 serves as a replacement for Red Hat Fuse 7.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, information leakage, and traversal vulnerabilities.
  • Ubuntu Security Notice USN-4194-1 Fri, 15 Nov 2019 16:16:01 GMT
    Ubuntu Security Notice 4194-1 - Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.
  • Red Hat Security Advisory 2019-3890-01 Fri, 15 Nov 2019 16:15:39 GMT
    Red Hat Security Advisory 2019-3890-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
  • Ubuntu Security Notice USN-4193-1 Fri, 15 Nov 2019 16:15:19 GMT
    Ubuntu Security Notice 4193-1 - Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
  • Red Hat Security Advisory 2019-3888-01 Fri, 15 Nov 2019 16:15:03 GMT
    Red Hat Security Advisory 2019-3888-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
  • Red Hat Security Advisory 2019-3889-01 Fri, 15 Nov 2019 16:14:26 GMT
    Red Hat Security Advisory 2019-3889-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An arbitrary kernel memory write vulnerability was addressed.
  • Red Hat Security Advisory 2019-3887-01 Fri, 15 Nov 2019 16:13:27 GMT
    Red Hat Security Advisory 2019-3887-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. An arbitrary kernel memory write vulnerability was addressed.
  • Ubuntu Security Notice USN-4192-1 Thu, 14 Nov 2019 15:57:14 GMT
    Ubuntu Security Notice 4192-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.