Critical Infrastructure

Advisories

  • Ubuntu Security Notice USN-4066-1 Fri, 19 Jul 2019 17:26:23 GMT
    Ubuntu Security Notice 4066-1 - It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information.
  • Ubuntu Security Notice USN-4065-1 Thu, 18 Jul 2019 19:58:33 GMT
    Ubuntu Security Notice 4065-1 - It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4064-1 Thu, 18 Jul 2019 18:58:22 GMT
    Ubuntu Security Notice 4064-1 - A sandbox escape was discovered in Thunderbird. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting attacks, spoof origin attributes, or execute arbitrary code. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4063-1 Wed, 17 Jul 2019 19:07:34 GMT
    Ubuntu Security Notice 4063-1 - Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4059-2 Wed, 17 Jul 2019 18:46:52 GMT
    Ubuntu Security Notice 4059-2 - USN-4059-1 and USN-3557-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 12.04 ESM. Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.
  • Debian Security Advisory 4483-1 Wed, 17 Jul 2019 18:44:11 GMT
    Debian Linux Security Advisory 4483-1 - Two security issues have been discovered in LibreOffice.
  • Red Hat Security Advisory 2019-1799-01 Tue, 16 Jul 2019 20:34:23 GMT
    Red Hat Security Advisory 2019-1799-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
  • Ubuntu Security Notice USN-4062-1 Tue, 16 Jul 2019 20:11:50 GMT
    Ubuntu Security Notice 4062-1 - Rohan Padhye discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service.
  • Ubuntu Security Notice USN-4060-2 Tue, 16 Jul 2019 20:11:41 GMT
    Ubuntu Security Notice 4060-2 - USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-1797-01 Tue, 16 Jul 2019 20:11:36 GMT
    Red Hat Security Advisory 2019-1797-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.12 serves as a replacement for Red Hat JBoss BPM Suite 6.4.11, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
  • Ubuntu Security Notice USN-4061-1 Tue, 16 Jul 2019 20:11:29 GMT
    Ubuntu Security Notice 4061-1 - It was discovered that Redis incorrectly handled the hyperloglog data structure. An attacker could use this issue to cause Redis to crash, resulting in a denial of service, or possibly execute arbitrary code.
  • Red Hat Security Advisory 2019-1793-01 Tue, 16 Jul 2019 20:10:51 GMT
    Red Hat Security Advisory 2019-1793-01 - Vim is an updated and improved version of the vi editor. Issues addressed include a command execution vulnerability.
  • Red Hat Security Advisory 2019-1791-01 Tue, 16 Jul 2019 20:10:44 GMT
    Red Hat Security Advisory 2019-1791-01 - The libssh2 packages provide a library that implements the SSH2 protocol. Issues addressed include an out of bounds write vulnerability.
  • Red Hat Security Advisory 2019-1792-01 Tue, 16 Jul 2019 20:10:33 GMT
    Red Hat Security Advisory 2019-1792-01 - The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server kernel module providing layer-4 load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol to achieve high availability with director failover. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
  • Red Hat Security Advisory 2019-1790-01 Tue, 16 Jul 2019 20:10:26 GMT
    Red Hat Security Advisory 2019-1790-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.
  • Red Hat Security Advisory 2019-1789-01 Tue, 16 Jul 2019 20:10:18 GMT
    Red Hat Security Advisory 2019-1789-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.
  • Ubuntu Security Notice USN-4060-1 Tue, 16 Jul 2019 20:10:09 GMT
    Ubuntu Security Notice 4060-1 - Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-1782-01 Tue, 16 Jul 2019 20:09:58 GMT
    Red Hat Security Advisory 2019-1782-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.11 serves as a replacement for Red Hat JBoss BRMS 6.4.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
  • Ubuntu Security Notice USN-4059-1 Tue, 16 Jul 2019 20:09:51 GMT
    Ubuntu Security Notice 4059-1 - It was discovered that Squid incorrectly handled certain SNMP packets. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Squid incorrectly handled the cachemgr.cgi web module. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4058-1 Tue, 16 Jul 2019 20:09:46 GMT
    Ubuntu Security Notice 4058-1 - It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.
  • Deutsche Telekom CERT Advisory DTC-A-20170323-001 Tue, 16 Jul 2019 19:32:22 GMT
    FRITZ!OS versions 6.83 and 6.80 (AVM DSL Router Fritz!Box 7490) suffer from an information leakage vulnerability.
  • SAPUI5 1.0.0 / SAP Gateway 7.5 / 7.51 / 7.52 / 7.53 Content Spoofing Tue, 16 Jul 2019 02:22:22 GMT
    SAPUI5 version 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53 are vulnerable to content spoofing in multiple parameters.
  • Ubuntu Security Notice USN-4057-1 Mon, 15 Jul 2019 15:36:32 GMT
    Ubuntu Security Notice 4057-1 - Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources.
  • Slackware Security Advisory - bzip2 Updates Mon, 15 Jul 2019 15:36:14 GMT
    Slackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
  • Ubuntu Security Notice USN-4056-1 Mon, 15 Jul 2019 15:35:54 GMT
    Ubuntu Security Notice 4056-1 - It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.