News

    Advisories

    • Ubuntu Security Notice USN-4057-1 Mon, 15 Jul 2019 15:36:32 GMT
      Ubuntu Security Notice 4057-1 - Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources.
    • Slackware Security Advisory - bzip2 Updates Mon, 15 Jul 2019 15:36:14 GMT
      Slackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    • Ubuntu Security Notice USN-4056-1 Mon, 15 Jul 2019 15:35:54 GMT
      Ubuntu Security Notice 4056-1 - It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
    • Debian Security Advisory 4482-1 Mon, 15 Jul 2019 15:28:59 GMT
      Debian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
    • Red Hat Security Advisory 2019-1777-01 Mon, 15 Jul 2019 15:24:38 GMT
      Red Hat Security Advisory 2019-1777-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
    • Ubuntu Security Notice USN-4055-1 Mon, 15 Jul 2019 15:24:19 GMT
      Ubuntu Security Notice 4055-1 - Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. Various other issues were also addressed.
    • Red Hat Security Advisory 2019-1774-01 Mon, 15 Jul 2019 15:21:31 GMT
      Red Hat Security Advisory 2019-1774-01 - Vim is an updated and improved version of the vi editor. An arbitrary command execution vulnerability has been addressed.
    • Red Hat Security Advisory 2019-1775-01 Mon, 15 Jul 2019 15:17:36 GMT
      Red Hat Security Advisory 2019-1775-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
    • Red Hat Security Advisory 2019-1771-01 Mon, 15 Jul 2019 15:17:18 GMT
      Red Hat Security Advisory 2019-1771-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Issues addressed include a buffer overflow vulnerability.
    • ExpressVPN Unquoted Service Path Privilege Escalation Sun, 14 Jul 2019 10:22:22 GMT
      ExpressVPN suffers from an unquoted service path privilege escalation vulnerability.
    • Debian Security Advisory 4481-1 Sat, 13 Jul 2019 18:22:22 GMT
      Debian Linux Security Advisory 4481-1 - Harsh Jaiswal discovered a remote shell execution vulnerability in ruby-mini-magick, a Ruby library providing a wrapper around ImageMagick or GraphicsMagick, exploitable when using MiniMagick::Image.open with specially crafted URLs coming from unsanitized user input.
    • Ubuntu Security Notice USN-4054-1 Fri, 12 Jul 2019 12:22:22 GMT
      Ubuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.
    • Debian Security Advisory 4480-1 Fri, 12 Jul 2019 12:13:45 GMT
      Debian Linux Security Advisory 4480-1 - Multiple vulnerabilities were discovered in the HyperLogLog implementation of Redis, a persistent key-value database, which could result in denial of service or potentially the execution of arbitrary code.
    • Debian Security Advisory 4479-1 Fri, 12 Jul 2019 12:12:44 GMT
      Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
    • Red Hat Security Advisory 2019-1763-01 Fri, 12 Jul 2019 12:12:06 GMT
      Red Hat Security Advisory 2019-1763-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.
    • Asterisk Project Security Advisory - AST-2019-003 Fri, 12 Jul 2019 12:09:59 GMT
      Asterisk Project Security Advisory - When T.38 faxing is done in Asterisk, a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user, a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.
    • Asterisk Project Security Advisory - AST-2019-002 Fri, 12 Jul 2019 12:05:48 GMT
      Asterisk Project Security Advisory - A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
    • Red Hat Security Advisory 2019-1762-01 Thu, 11 Jul 2019 23:38:37 GMT
      Red Hat Security Advisory 2019-1762-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. An arbitrary file read/execution vulnerability was addressed.
    • Red Hat Security Advisory 2019-1734-01 Thu, 11 Jul 2019 23:34:31 GMT
      Red Hat Security Advisory 2019-1734-01 - ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware properties discovery is a process of getting hardware parameters required for scheduling from a bare metal node, given its power management credentials. Issues addressed include a remote SQL injection vulnerability.
    • Red Hat Security Advisory 2019-1743-01 Thu, 11 Jul 2019 23:34:14 GMT
      Red Hat Security Advisory 2019-1743-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a buffer overflow vulnerability.
    • Red Hat Security Advisory 2019-1742-01 Thu, 11 Jul 2019 23:33:24 GMT
      Red Hat Security Advisory 2019-1742-01 - openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI.
    • Debian Security Advisory 4478-1 Thu, 11 Jul 2019 23:02:22 GMT
      Debian Linux Security Advisory 4478-1 - Two vulnerabilities were discovered in the DOSBox emulator, which could result in the execution of arbitrary code on the host running DOSBox when running a malicious executable in the emulator.
    • Microsoft DirectWrite / AFDKO dnaGrow Insufficient Integer Overflow Check Thu, 11 Jul 2019 20:55:55 GMT
      Microsoft DirectWrite / AFDKO suffers from having an insufficient integer overflow check in dnaGrow.
    • Red Hat Security Advisory 2019-1764-01 Thu, 11 Jul 2019 20:32:22 GMT
      Red Hat Security Advisory 2019-1764-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.
    • Red Hat Security Advisory 2019-1765-01 Thu, 11 Jul 2019 20:32:22 GMT
      Red Hat Security Advisory 2019-1765-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.8.0 ESR. Issues addressed include cross site scripting and use-after-free vulnerabilities.