
Files

Ubuntu Security Notice USN-3079-1
Posted Sep 14, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3079-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
SHA-256 | 3f3c0be66428a88f1900d81c97c626ba4ea292e883b6e36cd082e133ba0c1882
Red Hat Security Advisory 2016-1865-01
Posted Sep 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1865-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.635. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932
SHA-256 | cd88014e8136fe4912c761a97036f9e94891574696c2ac201502b5b33b41f3b2
EMC Documentum D2 Authentication Bypass
Posted Sep 13, 2016
Site emc.com

EMC Documentum D2 contains a fix for an authentication bypass vulnerability that could potentially be exploited by malicious users to compromise the affected system. By exploiting this vulnerability, remote unauthenticated users could download any document from the Docbase by knowing only the r_object_id of that document. Affected products include EMC Documentum D2 versions 4.5 earlier than patch 15 and EMC Documentum D2 versions 4.6 earlier than patch 03.

tags | advisory, remote
advisories | CVE-2016-6644
SHA-256 | f8b711fb3cd37acdb19b7ded0e6ffaa24fa21db48de448f259119829f69c42cd
EMC ViPR SRM XSS / CSRF / File Upload / Brute Force
Posted Sep 13, 2016
Site emc.com

EMC ViPR SRM versions prior to 3.7.2 suffer from cross site request forgery, cross site scripting, brute force, and remote file upload vulnerabilities.

tags | advisory, remote, vulnerability, xss, file upload, csrf
advisories | CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643
SHA-256 | c4c3f37a7b7355ed7a0f1f84276bb201809cad149d6a71b93db2e99a89a30789
Microsoft Security Bulletin Summary For September, 2016
Posted Sep 13, 2016
Site microsoft.com

This bulletin summary lists fourteen released Microsoft security bulletins for September, 2016.

tags | advisory
SHA-256 | 24e69cf37393fa5d0b669a91818d9a0355ca984bcced40a8c16cbe8fbbefe726
Apache Shiro Filter Bypass
Posted Sep 13, 2016
Authored by Brian Demers

In Apache Shiro versions prior to 1.3.2, when using a non-root servlet context path, specifically crafted requests can be used to bypass some security servlet filters, resulting in unauthorized access.

tags | advisory, root, bypass
advisories | CVE-2016-6802
SHA-256 | 922a5e1fd7a8d3e74cc2b4e09d237b3dd41e4acc621099a0adf20ff10239e9c8
HP Security Bulletin HPSBST03640 1
Posted Sep 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03640 1 - A potential security vulnerability has been identified in HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr). This vulnerability could be locally exploited to allow access restriction bypass. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-4381
SHA-256 | 4af49f4c877c915fbebd9055f890d3255a1bd47b5b7e508f79f17ad85d1ccdd8
HP Security Bulletin HPSBGN03572 1
Posted Sep 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03572 1 - A potential vulnerability has been identified in HPE Performance Center. The vulnerability could cause remote user validation failure. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2016-4382
SHA-256 | 714f9dc1cb140c3e1a6781191341cb64eb8d677cd760040a74a5a00bc543878f
Ubuntu Security Notice USN-3078-1
Posted Sep 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3078-1 - Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2016-6662
SHA-256 | 70fb5a6644f34b6d550d78bb097b4a44cfd9878ed35cb234d7e3bd0d2a2d75a8
Red Hat Security Advisory 2016-1856-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1856-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
SHA-256 | b0341ca2ab1e5f356ac596459438c2dfa0c9b08c3f6fa314e3310209d709e77a
Red Hat Security Advisory 2016-1855-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1855-01 - Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component, and Active Record implements the model component. Security Fix in rubygem-actionview: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316, CVE-2016-6317
SHA-256 | 70bb64dcf8c9353bcb21bba544ed3251626be8563e6c58b30053f444f633ede9
Red Hat Security Advisory 2016-1857-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1857-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
SHA-256 | ff94a8072670dd5e02057584a6ffb4f6febe917dd05953502954fe95f960dfe7
Red Hat Security Advisory 2016-1858-01
Posted Sep 13, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1858-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

tags | advisory, remote, web, xss, ruby
systems | linux, redhat
advisories | CVE-2016-6316
SHA-256 | 9d3e8c4dd25e586408c85a6de8a2a349896b9f80ce49b91e648a10f476e7e84f
Ubuntu Security Notice USN-3077-1
Posted Sep 13, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3077-1 - A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3606
SHA-256 | 48f0ce658c7c8fdce57f43905c3dfde4c291c365191c6170fbd1123432616b35
Red Hat Security Advisory 2016-1851-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1851-01 - This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server. Security Fix: It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, redhat
advisories | CVE-2016-5387
SHA-256 | 141013276aaca0bcca5001a6029bcbf18608534cfc68f348f32f7a7649bd9dc0
Red Hat Security Advisory 2016-1850-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1850-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8920, CVE-2015-8921, CVE-2015-8932, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-7166
SHA-256 | 711241662188f0c0cfb9c91a6f39f28a53a23f91e708e6da3698d03b733d5d3a
Red Hat Security Advisory 2016-1844-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1844-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8934, CVE-2016-1541, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-6250, CVE-2016-7166
SHA-256 | ecc02ac8c19e821e663da1602fbb4cbf585f0740fa7472a450e18bdab7e321d2
Red Hat Security Advisory 2016-1854-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1854-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 53.0.2785.89. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5160, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5167
SHA-256 | d1764d6099ef14b9048946372d5eb3cbfbff5f089a8b9c21d6168232981a066e
Red Hat Security Advisory 2016-1852-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1852-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-5418
SHA-256 | a67fa6324f51166b5e46df16d623948599e9407fc77a2052b844c253d114f9b7
Red Hat Security Advisory 2016-1853-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1853-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: When processing an archive file that contains an archive entry with type 1 but also having a non-zero data size, a file overwrite can occur. This would allow an attacker that can pass data to an application that uses libarchive to unpack it to overwrite arbitrary files with arbitrary data.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-5418
SHA-256 | d96a27f2b704504db8e35fa4b9580c5b8c0477cd80699ab6ccab2d27dfd407fc
Slackware Security Advisory - php Updates
Posted Sep 10, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7133, CVE-2016-7134
SHA-256 | 6d370eaf47671123ec53c8c465bf85d2e6c0eedc97b5cd8b7ba8dc522ab16261
Ubuntu Security Notice USN-3075-1
Posted Sep 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3075-1 - Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service or possibly obtain sensitive information. Yuriy M. Kaminskiy discovered an off-by-one error when handling coordinates in Imlib2. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2011-5326, CVE-2014-9762, CVE-2014-9763, CVE-2014-9764, CVE-2014-9771, CVE-2016-3993, CVE-2016-3994, CVE-2016-4024
SHA-256 | 676ef4625126d8b1c00b05c6126c8584525739c50dcdf9ca1913e768daed5ad0
Asterisk Project Security Advisory - AST-2016-007
Posted Sep 9, 2016
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication, RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used, then RTP port exhaustion will occur and no RTP sessions are able to be set up.

tags | advisory
SHA-256 | 97fcad4b2cc395997d99694e3df652f77ddb75c1bf9f3258efb47206a678a1c1
Asterisk Project Security Advisory - AST-2016-006
Posted Sep 9, 2016
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk can be crashed remotely by sending an ACK to it from an endpoint username that Asterisk does not recognize. Most SIP request types result in an "artificial" endpoint being looked up, but ACKs bypass this lookup. The resulting NULL pointer results in a crash when attempting to determine if ACLs should be applied. This issue was introduced in the Asterisk 13.10 release and only affects that release.

tags | advisory
SHA-256 | 4fed701bc3c34b63cb35edd8fe1f32e85f372f14481d360d07df779759acb717
Samsung SystemUI fimg2d Null Pointer Dereference
Posted Sep 9, 2016
Authored by 0xr0ot

Samsung SystemUI fimg2d driver suffers from a null pointer dereference vulnerability.

tags | advisory
SHA-256 | 5078f08a5818485da8db3f5b0d45965d8daf96f6c90003d8eae14f1610f7bba2

© 2022 Packet Storm. All rights reserved.
