D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.
Ubuntu Security Notice 3783-1 - Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. Craig Young discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. Various other issues were also addressed.
Debian Linux Security Advisory 4310-1 - Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code inside the sandboxed content process.
Ubuntu Security Notice 3778-1 - A crash was discovered in TransportSecurityInfo used for SSL, which could be triggered by data stored in the local cache directory. An attacker could potentially exploit this in combination with another vulnerability that allowed them to write data to the cache, to execute arbitrary code. A type confusion bug was discovered in JavaScript. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
VMware Security Advisory 2018-0024 - VMware Workspace ONE Unified Endpoint Management Console (A/W Console) updates resolve SAML authentication bypass vulnerability.
ISPConfig versions prior to 3.1.13 remote command execution exploit.
Intel ME has a Manufacturing Mode designed to be used exclusively by motherboard manufacturers. This mode provides some additional opportunities that an attacker can take advantage of. When Manufacturing Mode is enabled, Intel ME allows execution of the command that makes the ME region writable via the SPI controller built into the motherboard. The ability to run code and send commands to Intel ME on the attacked system allows the attacker to overwrite the Intel ME firmware with another version. The attacker can therefore deploy firmware that is vulnerable to INTEL-SA-00086 and execute arbitrary code on Intel ME even if the system is patched. This archive contains Python 2.7 scripts for checking the state of the Intel ME Manufacturing Mode.
WordPress Pie Register plugin version 3.0.15 suffers from a cross site scripting vulnerability.
virtualenv version 16.0.0 suffers from a sandbox escape vulnerability.
NICO-FTP version 3.0.1.19 suffers from a buffer overflow vulnerability.
LayerBB Forum version 1.1.1 suffers from a remote SQL injection vulnerability.
50 bytes small Linux/x86 execve(/bin/sh) + NOT +SHIFT-N+ XOR-N encoded shellcode.
Ubuntu Security Notice 3785-1 - Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memory leaks existed when handling certain images in ImageMagick. An attacker could use this to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 3784-1 - As a security improvement, this update adjusts the private-files abstraction to disallow writing to thumbnailer configuration files. Additionally, it adjusts the private-files, private-files-strict and user-files abstractions to disallow writes on parent directories of sensitive files.
Photo Nettoyeur version 1.4.5 suffers from an insecure file permission vulnerability.