Debian Linux Security Advisory 3856-1 - Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).
ffd4b2a7a8f00187b94f35a5055d76e483f4645d61a3bcd2ed54463b4ab27be8
HPE Security Bulletin HPESBGN03748 1 - A potential security vulnerability has been identified in HPE Cloud Optimizer. The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
7483e63110b0bf1c8c541a2f924bb2bf09ca0c60d99d6ea43f0e7571351d4d97
Ceragon FibeAir IP-10 versions 7.2.0 and below suffer from a hidden user backdoor vulnerability.
19d0253d67bfd5628b69787c405f7a3c2992c6236010db3ca5711b8a3408d169
Western Digital TV Media Player version 1.03.07 suffers from file upload, local file inclusion, cross-site request forgery, private key issue, remote SQL injection, and other vulnerabilities.
385687d49d2c40482bc4095866410a41b9a17b1428c065bcb0a4be85c09e9a45
Red Hat Security Advisory 2017-1256-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.
66a0b9ebd91f3d58b18c164ce18f959b822d47b029a739de04202319a8322641
Red Hat Security Advisory 2017-1253-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.
5a4ec3b1227c9241673259dff46a3a8629ad441ccc88aaeb18290d488426c5d1
Red Hat Security Advisory 2017-1259-01 - Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fix: It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
42ce9b171df841e7dba3df7165abf9639f62c061e6efdad41a6d0829ddcebc04
Ubuntu Security Notice 3275-3 - USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.
b6267488b59a31e9e6e0acbee223e59d7a111c146fc457952a554fc22c390435
Ubuntu Security Notice 3295-1 - It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
b62194c8b668f64ae29e7257348391b5c012a8addd0decc9b4f7c298876675a3
Red Hat Security Advisory 2017-1255-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.
908877da3f1cfc9dfca69965316818a94445a7d83eafed2908514e284a7b6ae4
Red Hat Security Advisory 2017-1260-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.15. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.
f8dede59460b3e91131da210ce201d95cfb51359708c5aedfa61beace085aa8c
Red Hat Security Advisory 2017-1254-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.
4a6d3b6826b17d73c6e89756d374ffc7b8d743c626ed1841cace3e0cb5b75665
Kodak InSite versions 6.5. through 8.0 suffer from a cross-site scripting vulnerability.
edfdb5072d2100ae5816327aa1047bf156b40a14eb41a16b1e0dfe93a6055864
Nixauditor is a script to audit Linux and Unix distributions based mainly on the CIS standards and universal Linux hardening guidelines.
c895b4f499689b377e4a2360b02832996b972639b6e2ed8b1a1c145eefa9cfa1
WhatsApp Messenger for Android does not delete sent and received files from the SD card on the device when chats are cleared, deleted or the application is uninstalled from the device. Additionally, the application stores sent and received files on the SD card without encryption, where they are accessible to any application with storage permissions.
33e5802bd2f7506103d2ccc503733ef058009d057af1f25c56e0615d0d99772f
Belden GarrettCom 6K and 10KT series suffer from buffer overflow, authentication bypass, information disclosure, and other vulnerabilities.
49d1717295169be58fe33b4c7d8306f29f0d9e8f045dbaf9cda485d36d3f2e48