Red Hat Security Advisory 2018-1235-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include a path sanitization vulnerability.
d4389ff99978d7c5f9b988f2c837a103388a061ab00a07c9bddbf91b11145e35
macOS suffers from a double mach_port_deallocate in kextd due to failure to comply with MIG ownership rules.
3ddb3eed2c7396dd51ab0e7ff9f7a7b3a4392e5bd040e466a63d30befb46062a
macOS/iOS ReportCrash suffers from a mach port replacement due to failure to respect MIG ownership rules.
2cd4e635bdd91862b3c2bfd770e7f8bd4e4eca619058739936bbf85ce351d526
There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot.
41bc2ae3426effa1ed930226dd44577a803172d383adac4215a479f019df9422
SourceTree for Windows versions prior to 2.5.5.0 suffer from an argument injection vulnerability via Mercurial tag names.
2b5b7eb1bcdb0a9f7cb455ea33f78b2265b5309e537a781993644d5e923ec9cb
There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on an ASan build of revision 227958 on OSX.
16307c2a076e6eedaa5e405c5a3f96d724981d8afd372bf9e6385efaff3fb94f
This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary PHP code in the context of the web user.
a94a19cfaf669742a83aa9ced9e5f3db211d2e4e73a6dab97341c79d196c8536
Red Hat Security Advisory 2018-1231-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include an improper path sanitization vulnerability.
1e7d3c302f733cb79e9c2357529d9d2c0883d0af287784ce033a52c9f2e003cb
Debian Linux Security Advisory 4186-1 - It was discovered that gunicorn, an event-based HTTP/WSGI server, was susceptible to HTTP response splitting.
a1b247830a9eeaf020ed67529b835738e82d75b38c2d3592d56e2ebd4954a365
Debian Linux Security Advisory 4185-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.
4b50e9d98efd4b23a87cb5dbfd928c095176bb7fb220d433ff5d2a7e1b55123a
Metasploit's msfd service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd socket through the victim's browser. To execute msfconsole commands from JavaScript in a web application, this module places the payload in the POST data. These POST requests can be sent cross-domain and can therefore be sent to localhost on the victim's machine. The msfconsole command to execute code is 'irb -e "CODE"'. Exploitation when the browser is running on Windows is unreliable, and the exploit is only usable when IE is used and the quiet flag has been passed to the msf daemon.
2283d21a12adcde1dea6e6565afc46a8aa7c6a4fd20f6bfac31c37d5d71ee15d
Debian Linux Security Advisory 4184-1 - Multiple vulnerabilities have been discovered in the image loading library for Simple DirectMedia Layer 1.2, which could result in denial of service or the execution of arbitrary code if malformed image files are opened.
759bbb6bf0bf5bef7267fa1dee058e05a7581edfd381241e7193df67d0643cdb
Metasploit's msfd service makes it possible to get a msfconsole-like interface over a TCP socket. If this socket is accessible on a remote interface, an attacker can execute commands on the victim's machine. If msfd is running with higher privileges than the current local user, this module can also be used for privilege escalation. In that case, port forwarding on the compromised host can be used. Code execution is achieved with the msfconsole command: irb -e 'CODE'.
6bccc2cde5d85bcb357aadc94add34850f268af7b41e4e2cf8b65a54a15af6cc
Red Hat Security Advisory 2018-1229-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains RPM packages for this release. Issues addressed include a path sanitization vulnerability.
742805308726e233aec40d69826ac2b628303bdf73a313da2ca4356da9736098
WordPress Responsive Cookie Consent versions 1.5, 1.6, and 1.7 suffer from a persistent cross-site scripting vulnerability.
384eb5a5a15c2dc1c9b4202fa3511206c0ecf08d5292bbe8d20e4d4163668611