7635 matches found
Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-249-01)
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-249-01. The text itself is copyright (C) Slackware Linux,...
ThinkPHP SQL Injection Vulnerability (CNVD-2019-17159)
ThinkPHP is an open source, lightweight PHP-based web application development framework. A SQL injection vulnerability exists in ThinkPHP versions prior to 5.1.23. The vulnerability stems from the program not correctly filtering the key value of an array, which can be exploited by a remote attack...
Cisco WebEx Network Recording Player ATJPEG60 Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Cisco WebEx Recorder and Player WRF File Heap-based Buffer Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Cisco WebEx Network Recording Player ARF File Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Adobe Acrobat Pro DC Catalog Index Untrusted Pointer Dereference Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution
In ansible, it was found that when running an ad-hoc command, inventory variables are loaded from the current working directory, which may be under an attacker's control, allowing arbitrary code to be run as a result...
postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask
This release of CloudForms corrects an issue invoked when running pg_upgrade by which attackers could read or modify the output of pg_dumpall -g in the current working directory. With this release, any attack is rendered infeasible as the directory mode blocks an intruder from searching the current...
Microsoft Chakra Array.reverse Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra as well as Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
Slackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2018-229-01)
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-229-01. The text itself is copyright (C) Slackware Linux,...
[slackware-security] ntp
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ntp-4.2.8p12-i586-1slack14.2.txz: Upgraded. This release improves on one security fix in ntpd: LOW/MEDIUM: Sec 3012: Sybil...
Adobe Acrobat Reader DC (Continuous Track) Multiple Arbitrary Code Execution Vulnerabilities (APSB18-29) - Mac OS X
Adobe Acrobat Reader DC Continuous Track is prone to multiple arbitrary code execution vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2018-19392)
Microsoft Internet Explorer is a popular web browser. A remote memory corruption vulnerability exists in Microsoft Internet Explorer. A remote attacker can exploit this vulnerability to corrupt memory by executing arbitrary code in the context of the current user...
Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2018-19393)
Microsoft Internet Explorer is a popular web browser. A remote memory corruption vulnerability exists in Microsoft Internet Explorer. A remote attacker can exploit this vulnerability to corrupt memory by executing arbitrary code in the context of the current user...
Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CNVD-2018-18477)
Microsoft Internet Explorer is a popular web browser. Microsoft Edge is a web browser developed by Microsoft Corporation USA. A memory corruption vulnerability exists in Microsoft Internet Explorer and Edge. The vulnerability stems from a problem in the way the browser accesses objects in memory. ...
Microsoft Internet Explorer Remote Code Execution Vulnerability (CNVD-2018-18005)
Microsoft Windows Server 2012 and others are a series of operating systems released by Microsoft Corporation, U.S.A. Internet Explorer (IE) is one of the web browsers that comes with the Windows operating system. A remote code execution vulnerability exists in the way the scripting engine handles...
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2018-16841)
Microsoft Excel is a spreadsheet application in the Office suite from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Excel, which results from the program failing to properly handle objects in memory. A remote attacker can exploit the...