Critical Infrastructure

Advisories

  • Ubuntu Security Notice USN-3992-1 Wed, 22 May 2019 14:40:07 GMT
    Ubuntu Security Notice 3992-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
  • Ubuntu Security Notice USN-3993-1 Wed, 22 May 2019 14:39:56 GMT
    Ubuntu Security Notice 3993-1 - Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
  • Slackware Security Advisory - mozilla-firefox Updates Wed, 22 May 2019 14:39:49 GMT
    Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
  • Ubuntu Security Notice USN-3566-2 Wed, 22 May 2019 14:39:42 GMT
    Ubuntu Security Notice 3566-2 - USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-1260-01 Wed, 22 May 2019 14:39:35 GMT
    Red Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
  • Red Hat Security Advisory 2019-1259-01 Wed, 22 May 2019 14:39:27 GMT
    Red Hat Security Advisory 2019-1259-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. Issues addressed include a denial of service vulnerability.
  • JSC DFG Incorrect Decision On Behavior Tue, 21 May 2019 23:44:11 GMT
    JSC DFG's doesGC() is incorrect about the HasIndexedProperty operation's behavior on StringObjects.
  • Revive Adserver Weak PRNG Cryptography Tue, 21 May 2019 23:28:05 GMT
    Revive Adserver versions prior to 4.2.1 make use of a cryptographically weak pseudo-random number generator.
  • WebKitGTK+ / WPE WebKit Code Execution Tue, 21 May 2019 23:07:14 GMT
    WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities and various other issues that can lead to code execution. Multiple versions are affected.
  • Ubuntu Security Notice USN-3991-1 Tue, 21 May 2019 23:06:42 GMT
    Ubuntu Security Notice 3991-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user into launching local executable binaries, obtain sensitive information, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-1258-01 Tue, 21 May 2019 23:06:15 GMT
    Red Hat Security Advisory 2019-1258-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
  • Ubuntu Security Notice USN-3989-1 Tue, 21 May 2019 23:06:08 GMT
    Ubuntu Security Notice 3989-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
  • Ubuntu Security Notice USN-3990-1 Tue, 21 May 2019 23:05:56 GMT
    Ubuntu Security Notice 3990-1 - It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.
  • JavaScriptCore AIR Optimization Incorrectly Removes Assignment To Register Tue, 21 May 2019 22:22:22 GMT
    JavaScriptCore AIR optimization incorrectly removes assignment to register.
  • Red Hat Security Advisory 2019-1245-01 Mon, 20 May 2019 16:39:06 GMT
    Red Hat Security Advisory 2019-1245-01 - An update is now available for Red Hat Quay 3. Issues addressed include a man-in-the-middle vulnerability.
  • Ubuntu Security Notice USN-3985-2 Fri, 17 May 2019 13:13:13 GMT
    Ubuntu Security Notice 3985-2 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-1243-01 Thu, 16 May 2019 23:06:42 GMT
    Red Hat Security Advisory 2019-1243-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.131. Issues addressed include an out of bounds access vulnerability.
  • Ubuntu Security Notice USN-3988-1 Thu, 16 May 2019 23:06:29 GMT
    Ubuntu Security Notice 3988-1 - It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.
  • Ubuntu Security Notice USN-3986-1 Thu, 16 May 2019 23:05:59 GMT
    Ubuntu Security Notice 3986-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
  • Red Hat Security Advisory 2019-1238-01 Thu, 16 May 2019 23:05:45 GMT
    Red Hat Security Advisory 2019-1238-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Issues addressed include a buffer overflow vulnerability.
  • Red Hat Security Advisory 2019-1237-01 Thu, 16 May 2019 23:05:38 GMT
    Red Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage vulnerability.
  • Slackware Security Advisory - rdesktop Updates Thu, 16 May 2019 23:05:31 GMT
    Slackware Security Advisory - New rdesktop packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
  • Red Hat Security Advisory 2019-1236-01 Thu, 16 May 2019 23:05:23 GMT
    Red Hat Security Advisory 2019-1236-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5. Issues addressed include a denial of service vulnerability.
  • Ubuntu Security Notice USN-3985-1 Thu, 16 May 2019 23:04:15 GMT
    Ubuntu Security Notice 3985-1 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-1235-01 Wed, 15 May 2019 18:44:00 GMT
    Red Hat Security Advisory 2019-1235-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.