Arq Backup versions 5.9.6 and below suffer from a local root privilege escalation vulnerability.
a8078489ae3112377e923fe44809106e30c34682850a4d772cca05762de49e97Ubuntu Security Notice 3503-1 - It was discovered that Evince incorrectly handled printing certain DVI files. If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code.
d201d39d2c1d2e1dd7df93da31a662f8729f1bb83bd87f72a0835d00eb9267ceUbuntu Security Notice 3498-2 - USN-3498-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
79d356ac424465ef01183fafcb141ab4f90d0f1d251560a42551d753495ae1faRed Hat Security Advisory 2017-3382-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors.
2324e95575ad13c5583017748ce56a49920dd2b8c7fd3bc8aea8d907e070afdcRed Hat Security Advisory 2017-3379-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix: It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
dea99acda0368239d3aafad33e3fc3ca13f9ec7dc4fe436b72b967535a811c17Red Hat Security Advisory 2017-3375-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.2 was retired as of November 30, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.2 EUS after November 30, 2017.
ac590f84fc989afb28d216e52afec1e31806d31279d556a1a0c5106a9c331c05Red Hat Security Advisory 2017-3376-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telecommunications Update Service for Red Hat Enterprise Linux 6.5 was retired as of November 30, 2017, and active support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.5 TUS after November 30, 2017.
b82cb752a46cf1a6813549e6ea109a70eeeb635fe08dba14bc05ec91648cc8d9Amazon Audible suffers from a dll hijacking vulnerability.
d06335d1506e97d7df0b428d5f73ff5ba77d5927e57dc2c61decf3c756986aa60d1n is a web security tool for fuzzing various HTTP/S payloads. It's written in C and uses libcurl.
b5f6f8044dd14a4c09f0287b29a8ead5e3e80ad65b1270dc22eaa09ca077c1dcTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
6e1b04f7890e782fd56014a0de5075e4ab29b52a35d8bca1f6b80c93f58f3d26Red Hat Security Advisory 2017-3372-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
6b1d275afe40471b45a0ce2400da019aa8aa6e21260f9401fa33d98774aa13aaOpenEMR version 5.0.0 suffers from code execution and cross site scripting vulnerabilities.
cb323afd4eb9936c8fd21b2415f3e7b565e714471a0bae50bb61af03fdd63c92WAGO PFC 200 Series suffers from multiple unauthenticated access bypass vulnerabilities.
2c11a47b7528a16c740e127eb7874b0b322256809e96287c94d0d4c80bcc54cfFortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability.
b2d5f1ba485a9729c93cfe8c29db752eb3863fb1cf9c67796c558e28b07dd9e9Asterisk Project Security Advisory - If the chan_skinny (AKA SCCP protocol) channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind.
6c078a611791f3370bae6360f94dc066396a952b66d50dee0290bc8009744060
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed