CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

UBUNTU-CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

Fedora 28 : setup (2018-f47268acd5)

don't list nologin in /etc/shells 1378893 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 28 : 2:qemu (2018-44f8a7454d) (Spectre)

New CPU features for speculative store bypass CVE-2018-3639 On Intel x86 hosts, the 'ssbd' feature must be explicitly added to any virtual machines that are not using host-passthrough/host-model CPU setup. NB this requires new microcode too, which is not yet available in Fedora microcodectl RPMs...

PT-2018-3697 · Poppler +4 · Poppler +4

Name of the Vulnerable Software and Affected Versions: Poppler version 0.72.0 Description: The issue is related to the PDFDoc::setup function in the PDFDoc.cc component of the Poppler library, which is used for displaying PDF files. It allows attackers to cause a denial-of-service, resulting in a...

CVE-2018-20577

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

EulerOS 2.0 SP2 : setup (EulerOS-SA-2018-1421)

According to the version of the setup package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - setup: nologin listed in /etc/shells violates security expectations CVE-2018-1113 Note that Tenable Network Security has extracted the preceding...

ThunderDNS - Tool To Forward TCP Traffic Over DNS Protocol

This tool can forward TCP traffic over DNS protocol. Non-compile clients + socks5 support. Run Setting up NS records on our domain: Please wait for clearing DNS-cache. Simple server run: python3 ./server.py --domain oversec.ru Simple server run Dockerfile: docker run -e DOMAIN='' Simple client ru...

Xiaomi Mi A1 Information Disclosure Vulnerability

The Xiaomi Mi A1 is a smartphone from Chinese company Xiaomi. An information disclosure vulnerability exists in the Xiaomi Mi A1 tissotsprout version 8.1.0, OPM version 1.171019.026, and version 9.6.4.0.ODHMIFE, which stems from the device storing plaintext Wi-Fi passwords in logcat during the...

nodeCrypto - Ransomware Written In NodeJs

Ransomware written in NodeJs. Install and run git clone https://github.com/atmoner/nodeCrypto.git cd nodeCrypto && npm install You must edit first variable in index.js Once your configuration is complete, you can start the ransomware. node index.js The files at the root of the web server will...

ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183)

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...

UBUNTU-CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

UBUNTU-CVE-2018-18246

Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module...

DEBIAN-CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

DEBIAN-CVE-2018-18246

Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module...

CVE-2018-18248

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string...

Security Bulletin: A vulnerability in setup affects PowerKVM

Summary PowerKVM is affected by a vulnerability in the setup project package. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-1113 DESCRIPTION: Setup Project could allow a remote attacker to bypass security restrictions, caused by an issue with adding /sbin/nologin...

Security update for openvswitch (moderate)

This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204:When...

How to Set Up an Additional Hard Drive in XenServer

This article describes how to add an additional hard drive in XenServer...