
7643 matches found

IBM AIX
added 2018/10/24 11:28 a.m. | 791 views

Vulnerabilities in OpenSSH affect AIX.

IBM SECURITY ADVISORY First Issued: Wed Oct 24 11:28:50 CDT 2018 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/opensshadvisory12.asc https://aix.software.ibm.com/aix/efixes/security/opensshadvisory12.asc...

CVSS 5.9 | AI score 0.7 | EPSS 0.98631
Exploits: 23

RedhatCVE
added 2018/10/22 6:19 a.m. | 22 views

CVE-2017-5731

Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access...

CVSS 7.8 | AI score 4.3 | EPSS 0.00396
Exploits: 0 | References: 2

NVD
added 2018/10/17 7:29 p.m. | 18 views

CVE-2018-0416

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms...

CVSS 5.3 | AI score 5.2 | EPSS 0.02507
Exploits: 0 | References: 3

Vulnrichment
added 2018/10/17 7:0 p.m. | 22 views

CVE-2018-0416 Cisco Wireless LAN Controller Software Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms...

CVSS 5.3 | AI score 6.6 | EPSS 0.02507
Exploits: 0 | References: 3

ThreatPost
added 2018/10/16 3:26 p.m. | 18 views

Facebook Expands Efforts to Squash Voter Suppression

Facebook plans to expand its content-policing on its site, aiming to crack down on profiles and pages that it deems are aimed at voter suppression ahead of the 2018 U.S. midterm elections. Specifically, the social-media giant will penalize those that spread disinformation about voting requirements wi...

AI score 6.7
Exploits: 0 | References: 6

Prion
added 2018/10/15 2:29 a.m. | 15 views

Out-of-bounds

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, a...

CVSS 4.3 | AI score 6.1 | EPSS 0.01829
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2018/10/15 2:29 a.m. | 21 views

CVE-2018-18309

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, a...

CVSS 5.5 | AI score 6.5
Exploits: 0 | References: 6

Debian CVE
added 2018/10/15 2:0 a.m. | 24 views

CVE-2018-18309

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, a...

CVSS 5.5 | AI score 6.2 | EPSS 0.01829
Exploits: 1

Tenable Nessus
added 2018/10/11 12:0 a.m. | 61 views

Amazon Linux 2 : ghostscript (ALAS-2018-1088)

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...

CVSS 9.3 | AI score 7.2 | EPSS 0.92499
Exploits: 4 | References: 15

OSV
added 2018/10/09 11:15 a.m. | 4 views

SUSE-SU-2018:3083-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root...

CVSS 7.8 | AI score 8.2 | EPSS 0.14806
Exploits: 18 | References: 54

OPENSUSE Linux
added 2018/10/05 9:13 p.m. | 92 views

Security update for ghostscript (important)

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type...

AI score 1 | EPSS 0.92499
Exploits: 5 | References: 16

OPENSUSE Linux
added 2018/10/05 9:10 p.m. | 265 views

Security update for ghostscript (important)

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type...

AI score 1.1 | EPSS 0.92499
Exploits: 5 | References: 16

Kitploit
added 2018/10/05 9:6 p.m. | 84 views

HeapHopper - A Bounded Model Checking Framework For Heap-implementations

HeapHopper is a bounded model checking framework for Heap-implementations. Setup sudo apt update && sudo apt install build-essential python-dev virtualenvwrapper git clone https://github.com/angr/heaphopper.git && cd ./heaphopper mkvirtualenv -ppython2 heaphopper pip install -e . Required Package...

AI score 7.2
Exploits: 0 | References: 1

Veracode
added 2018/10/05 2:27 a.m. | 29 views

Denial Of Service (DoS)

ImageMagick is vulnerable to a denial of service (DoS) attack. The attack exists because of the failure in checking length of the image against the GetBlobSize(image) in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c, allowing the attacker to trigger the attack sending a...

CVSS 6.5 | AI score 6.7 | EPSS 0.03645
Exploits: 0 | References: 9 | Affected Software: 1

Tenable Nessus
added 2018/10/05 12:0 a.m. | 83 views

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3003-1)

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-16597: Incorrect access checking in overlayfs mounts could have been used by local attackers to modify or truncate files in the underlying...

CVSS 7.8 | AI score 7.1 | EPSS 0.03206
Exploits: 6 | References: 62

Tenable Nessus
added 2018/10/05 12:0 a.m. | 42 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : ImageMagick vulnerabilities (USN-3785-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3785-1 advisory. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update...

CVSS 9.8 | AI score 7.2 | EPSS 0.49324
Exploits: 10 | References: 14

OSV
added 2018/10/04 11:13 p.m. | 5 views

USN-3785-1 imagemagick vulnerabilities

Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate...

CVSS 9.8 | AI score 6.9 | EPSS 0.49324
Exploits: 10 | References: 15

OSV
added 2018/10/04 12:1 p.m. | 6 views

SUSE-SU-2018:3003-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-16597: Incorrect access checking in overlayfs mounts could have been used by local attackers to modify or truncate files in the underlying...

CVSS 7.8 | AI score 8.2 | EPSS 0.03206
Exploits: 6 | References: 55

Tenable Nessus
added 2018/10/03 12:0 a.m. | 43 views

SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:2975-1)

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) CVE-2018-15909: Prevent type confusio...

CVSS 9.3 | AI score 7.2 | EPSS 0.92499
Exploits: 5 | References: 49

Prion
added 2018/10/02 7:29 p.m. | 23 views

Default credentials

Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default...

CVSS 4 | AI score 6.5 | EPSS 0.01075
Exploits: 0 | References: 2 | Affected Software: 1