Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects...
Mozilla: Buffer overflow in accelerated 2D canvas with Skia
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4, Firefox ESR 60.4, an...
Mailcleaner Remote Code Execution
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: "Mailcleaner Remote Code Execution". Description: This module exploits the command injection vulnerability of MailCleaner Community Edition...
chromium-browser: Use after free in PDFium
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...
CVE-2018-16855
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash...
Core: Arbitrary file and directory creation
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1...
mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...
mysql: pid file can be created in a world-writeable directory (CPU Apr 2018)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...
DEBIAN-CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote...
CVE-2018-19490
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range...
IBM DB2 Access Control Vulnerability
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in all revision packages of IBM DB2 version 11.1 including DB2 Connec...
webkitgtk: Improper TLS certificate verification for WebSocket connections
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections...
curl: RTSP RTP buffer over-read
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage...
chromium-browser: Memory corruption in GPU Internals
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
nodejs: Inspector DNS rebinding vulnerability
It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebinding attack and a same-origin policy bypass. If a developer had an inspector session running, and was visiting a malicious website, the si...
java-1.8.0-openjdk security update
1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz1633817 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz1633817 1:1.8.0.181.b16-0 - Add new Shenandoah patch PR3634 as upstream still fai...
CVE-2018-16587
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to...
chromium-browser: Function signature mismatch in WebAssembly
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Mozilla: Use-after-free in driver timers
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1...
pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup...