Gentoo Linux Security Advisory 201701-70 - A vulnerability in Firewalld allows firewall configurations to be modified by unauthenticated users. Versions less than 0.4.3.3 are affected.
b01db2a4ec6b59d61d073b26a5bd05b21311f7a9e9d7d5d1ea9c694dbd628852
Gentoo Linux Security Advisory 201701-69 - A vulnerability in Ark might allow remote attackers to execute arbitrary code. Versions less than 16.08.3-r1 are affected.
0303989d4ac4f0368711a762fac23ffb3ac70674f07346ba031e4199d593529b
Gentoo Linux Security Advisory 201701-68 - Multiple vulnerabilities have been found in FreeImage, the worst of which may allow execution of arbitrary code. Versions less than 3.15.4-r1 are affected.
afd12c76e0ea415c629d74c8800a4d8baf9b420e07f7313b42ef2475693be9d5
Gentoo Linux Security Advisory 201701-67 - A vulnerability in a2ps' fixps script might allow remote attackers to execute arbitrary code. Versions less than 4.14-r5 are affected.
850c4c9bdb2cdbdf0c6960d05680fd9bb889bdd260eb7a3d1c1af075254fc999
Gentoo Linux Security Advisory 201701-66 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 56.0.2924.76 are affected.
52e04e2c58672c4a25b7c2acca1b04889c2d0cf9013bdbcee71ae967ad2016fd
Ubuntu Security Notice 3165-1 - Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Andrew Krasichkov discovered that event handlers on <marquee> elements were executed despite a Content Security Policy that disallowed inline JavaScript. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.
a6d7c87b94507e79d2f3c6cb057b062f2bd412b17f050878ba193c58deebfa3d
Ubuntu Security Notice 3175-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
46188327b48b69d6b7ffd9a3ce490a0967362d442ae02526db0cbdcfbd914ad8
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
85ffe3ab63796ac0ba8c58daa8301dc5f0256c31314a0019ca7a39313f5cd7c9
Debian Linux Security Advisory 3772-1 - Tobias Stoeckmann discovered that the libXpm library contained two integer overflow flaws, leading to a heap out-of-bounds write, while parsing XPM extensions in a file. An attacker can provide a specially crafted XPM file that, when processed by an application using the libXpm library, would cause a denial-of-service against the application, or potentially, the execution of arbitrary code with the privileges of the user running the application.
38d027668266a30db03fe09726da15863bad12586d9abf60aca9a264b9880ab6
Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a use-after-free error within vsvsdx.dll when processing PageHeight and PageWidth values of a VSDX file, which can be exploited to corrupt memory via a specially crafted VSDX file. Successful exploitation may allow execution of arbitrary code. Versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.
9697a7c849f39a13926892d6b471d55b1281d9096e5b8186ba951919119c04ab
CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.
fc6c18b1ab288c81928a10a9339d929938fcd7120518c622254694d974c59667
EMC Data Protection Advisor contains a fix for a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions 6.1.x, 6.2, 6.2.1, 6.2.2, and 6.2.3 prior to patch 446 are affected.
1399b4c25d75885ede6ffe39eddd5e40f0959f9e9f7b40269343455100f526fb
Cordova-Android versions 6.1.1 and below suffer from an insecure transport vulnerability due to the Gradle Distribution URL not using HTTPS by default.
d6bee6780400c2c31f859d15dc8af513d4a62cec6920be28a9ec3b5477f6e910
EMC Documentum versions 4.5 and 4.6 suffer from DQL injection and cross site scripting vulnerabilities.
1fa1935776c0450f0c6cdea2c7600f969b1b60558c23fe2f89c44e6ca37d23f4
EMC Data Domain DD OS has been updated to fix a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. Affected versions: 5.4; 5.5 family, all versions prior to 5.5.5.0; 5.6 family, all versions prior to 5.6.2.0; 5.7 family, all versions prior to 5.7.2.10.
3719ab75a9e74d2e20d08072be2aceabafc3b494f8af1bd2a3a39707e215f405
RSA BSAFE Crypto-J versions prior to 6.2.2 suffer from improper OCSP validation and PKCS#12 timing attack vulnerabilities.
ab31c6b98b6ff07db4a9a779660f5967f97cb4172a52706352ff182ae3cb9252
EMC PowerPath Virtual Appliance is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions 2.0 and 2.0 SP1 are affected.
b686a3a955b58b02de9046c1ae26899038d003ce1ed99f6164b144454ff9f2e4
EMC RecoverPoint versions prior to 4.4.1.1 and 5.0 suffer from information disclosure and command injection vulnerabilities.
0ca4b3c6ebdf0150051ad3eed18350d2e8904925131165880fd50ece4d779fc2
RSA Web Threat Detection contains fixes for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 5.0, 5.1, and 5.1.2 are affected.
1c09ee7779d8cae0ef00e80b9c059864bc8bbabe7168d438d03104a558311d36
Red Hat Security Advisory 2017-0206-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 56.0.2924.76. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
b65a958e96cc26a65d8cf6736f2c9bef3364ac50db9b295d6df9897e783dd820
Red Hat Security Advisory 2017-0200-01 - puppet-swift is the Puppet module used by Red Hat OpenStack Platform director to install OpenStack Object Storage. Security Fix: An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.
92418d426a832a17529d19b6b8e0b6781ba925a4c0c7758cb36aa08657d9f839
Red Hat Security Advisory 2017-0205-01 - In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product.
c38891228569154c466ee7137b14f64ba7bfb9744fc90c2cd7a8ba5520a838c9
Debian Linux Security Advisory 3771-1 - Multiple security issues have been found in the Mozilla Firefox web errors may lead to the execution of arbitrary code, information disclosure or privilege escalation.
d99c14028fa61a63d267e44f38d8b8fc49fc7b2804ca31dec588fe86f9a620d1
Cisco Security Advisory - A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
b25ac4e0a30adf1e190b4cdde7f8af8749cd2dec6e09663e29c25b6921ea28a5
Cisco Security Advisory - A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
e38280c54046f87c9130ec4824a4152f839104804c03a19b62b8d53b7ab0c984