Lucene search

3764 matches found

OSV
added 2018/11/23 8:29 a.m., 3 views

ALPINE-CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

9.8 CVSS, 7 AI score, 0.00528 EPSS
Exploits 0, References 1

OSV
added 2018/11/23 8:29 a.m., 3 views

DEBIAN-CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

9.8 CVSS, 7 AI score, 0.00528 EPSS
Exploits 0, References 1

NVD
added 2018/11/23 8:29 a.m., 18 views

CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

9.8 CVSS, 9.5 AI score, 0.00528 EPSS
Exploits 0, References 7

Prion
added 2018/11/23 8:29 a.m., 20 views

Design/Logic Flaw

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

7.5 CVSS, 9.2 AI score, 0.00528 EPSS
Exploits 0, References 7, Affected Software 2

Debian CVE
added 2018/11/23 8:0 a.m., 26 views

CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

9.8 CVSS, 6.9 AI score, 0.00528 EPSS
Exploits 0

UbuntuCve
added 2018/11/23 12:0 a.m., 31 views

CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

9.8 CVSS, 6.8 AI score, 0.00528 EPSS
Exploits 0, References 3

OpenVAS
added 2018/11/14 12:0 a.m., 45 views

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Nov 2018)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

9.3 CVSS, 6.9 AI score, 0.32597 EPSS
Exploits 1, References 1

Positive Technologies
added 2018/11/12 12:0 a.m., 5 views

PT-2018-14844 · Ethereumjs · Ethereumjs-Vm

Name of the Vulnerable Software and Affected Versions: ethereumjs-vm version 2.4.0 Description: The issue allows attackers to cause a denial of service, leading to vm.runCode failure and REVERT, via a code attribute set to Buffer.frommy code, 'hex'. It's worth noting that the vendor disputes this...

7.5 CVSS, 7.3 AI score, 0.00625 EPSS
Exploits 1, References 9

Mageia
added 2018/11/03 11:55 a.m., 14 views

Updated dnsmasq packages fix security issue

Updated dnsmasq packages fix a security issue Upstream dnsmasq run as nobody user which could lead to security issue if multiple services run as this same user. This update makes dnsmasq to run as its own user: dnsmasq...

2.1 AI score
Exploits 0, References 2

OSV
added 2018/11/03 11:55 a.m., 2 views

MGASA-2018-0427 Updated dnsmasq packages fix security issue

Updated dnsmasq packages fix a security issue Upstream dnsmasq run as nobody user which could lead to security issue if multiple services run as this same user. This update makes dnsmasq to run as its own user: dnsmasq...

7.2 AI score
Exploits 0, References 3

RedHat Linux
added 2018/10/31 8:43 a.m., 1 views

glusterfs: glusterfs server exploitable via symlinks to relative paths

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...

8.8 CVSS, 7.6 AI score, 0.02697 EPSS
Exploits 0, References 4

RedHat Linux
added 2018/10/30 5:2 p.m., 3 views

Mozilla: Out-of-bounds write with malicious MAR file

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...

7.8 CVSS, 7.3 AI score, 0.00098 EPSS
Exploits 0, References 5

Microsoft KB
added 2018/10/24 12:0 a.m., 31 views

Update Rollup 6 for System Center 2016 Virtual Machine Manager

Update Rollup 6 for System Center 2016 Virtual Machine Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2016 Virtual Machine Manager. Two updates are available for Virtual Machine Manager, one for the Virtual Machine Manager serv...

6.7 AI score
Exploits 0

OSV
added 2018/10/17 7:56 p.m., 1 views

GHSA-MH7G-99W9-XPJM Remote code execution occurs in Apache Solr

Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8 CVSS, 7.6 AI score, 0.93891 EPSS
Exploits 11, References 31

vulnersOsv
added 2018/10/17 4:24 p.m., 2 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), aero.m-click:mcpdf (>=0.2.3 <=0.2.4) +6768 more potentially affected by CVE-2016-1000342 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.55)

org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =0.2.3, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2016-1000342 Source advisory: OSV:GHSA-QCJ7-G2J5-G7R3...

7.5 CVSS, 7.1 AI score, 0.00471 EPSS
Exploits 0

vulnersOsv
added 2018/10/17 4:23 p.m., 3 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), aero.m-click:mcpdf (>=0.2.3 <=0.2.4) +6768 more potentially affected by CVE-2016-1000338 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.55)

org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =0.2.3, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2016-1000338 Source advisory: OSV:GHSA-4VHJ-98R6-424H...

7.5 CVSS, 6.7 AI score, 0.00371 EPSS
Exploits 0

The Hacker News
added 2018/10/12 9:3 a.m., 1 views

Google Adds Control-Flow Integrity to Beef up Android Kernel Security

Google has added a new security feature to the latest Linux kernels for Android devices to prevent it against code reuse attacks that allow attackers to achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities. In code reuse attacks, attackers exploit memory corruptio...

8.2 AI score
Exploits 0

vulnersOsv
added 2018/10/10 4:10 p.m., 1 views

airflow-plugins (=0.1.3), cstar (>=0.7.0 <=0.7.1) +1 more potentially affected by CVE-2018-1000805 via paramiko (>=2.3.1 <=2.3.2)

paramiko PYPI version =2.3.1, =0.7.0, =1.0.0, =2.1.6 Source cves: CVE-2018-1000805 Source advisory: OSV:GHSA-F2J6-WRHH-V25M...

8.8 CVSS, 7.1 AI score, 0.00905 EPSS
Exploits 0

Kitploit
added 2018/10/10 12:11 p.m., 65 views

EKFiddle v.0.8.2 - A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General

A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Installation Download and install the latest version of Fiddler https://www.telerik.com/fiddler Special instructions for Linux and Mac here:...

6.6 AI score
Exploits 0, References 1

OpenVAS
added 2018/10/10 12:0 a.m., 168 views

Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Oct 2018)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

9.3 CVSS, 8.2 AI score, 0.3391 EPSS
Exploits 0, References 6