DSA-4142 uwsgi – security update

Marios Nicolaides discovered that the PHP plugin in uWSGI, a fast, self-healing application container server, does not properly handle a DOCUMENT_ROOT check during use of the --php-docroot option, allowing a remote attacker to mount a directory traversal attack and gain unauthorized read access to sensitive files located outside of the web root directory. More info: https://www.debian.org/security/2018/dsa-4142

DSA-4144 openjdk-8 – security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions. More info: https://www.debian.org/security/2018/dsa-4144

DSA-4143 firefox-esr – security update

Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. More info: https://www.debian.org/security/2018/dsa-4143

DSA-4139 firefox-esr – security update

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors and other implementation errors may lead to the execution of arbitrary code, denial of service or information disclosure. More info: https://www.debian.org/security/2018/dsa-4139

DSA-4141 libvorbisidec – security update

Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. More info: https://www.debian.org/security/2018/dsa-4141

DSA-4140 libvorbis – security update

Richard Zhu discovered that an out-of-bounds memory write in the codebook parsing code of the Libvorbis multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. More info: https://www.debian.org/security/2018/dsa-4140