HP Security Bulletin HPSBGN03690 1 - A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE Real User Monitor (RUM) resulting in remote disclosure of information also known as the SWEET32 attack. Revision 1 of this advisory.
499401e9b3798c5862cad1c516d6613ef4e05c3689810a8048252b9e10f61d84Gentoo Linux Security Advisory 201701-63 - Multiple vulnerabilities have been found in Graphite, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.3.7 are affected.
757f34c27a3b3147e33cf6b8228d59efe5f86a09ecd02431cd1f5343997a83f3Red Hat Security Advisory 2017-0184-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. Security Fix: It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.
6b95d7c39326ecdc070d235d6eb88d47e3ed59e34b79040f2687f4d36864d0cbGentoo Linux Security Advisory 201701-62 - Multiple vulnerabilities have been discovered in Firejail, the worst of which may allow privilege escalation. Versions less than 0.9.44.4 are affected.
21161973f4925d204f0c1cb57cc4a5a2e4c1208b6b49557b194d4c472e3bbcd4Gentoo Linux Security Advisory 201701-61 - Multiple vulnerabilities have been discovered in WebP, the worst of which could allow a remote attacker to cause a Denial of Service condition. Versions less than 0.5.2 are affected.
9d6173928598f1a38f935a7e45925b4bb0aba0568c3d04741bc0870e0a243bfaRed Hat Security Advisory 2017-0183-01 - The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections.
81ac7d06a59f0b25477bb41bcc1ad6a82d5559631aad25a4bfac59beb1b49ab8Gentoo Linux Security Advisory 201701-60 - Multiple vulnerabilities have been found in LibRaw, the worst of which may allow attackers to execute arbitrary code. Versions less than 0.17.1 are affected.
ae54a5639c508a3464efc2a2fb368ba2e7ca4be0f6a2472dd93fb8414c827ed5Red Hat Security Advisory 2017-0182-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections.
7a6354e81530268f91cd7e92e13667bfaaa9c5f40c09d70361ca4ffd11b76dd7Gentoo Linux Security Advisory 201701-59 - Multiple vulnerabilities have been found in ADOdb, all of which could allow remote attackers to execute arbitrary code. Versions less than 5.20.9 are affected.
96d23397d095ac0be200a53ac32ead1febd86ca1941231b7ea7a3d4a8865b433Gentoo Linux Security Advisory 201701-58 - Multiple vulnerabilities have been found in ICU, the worst of which could cause a Denial of Service condition. Versions less than 58.1 are affected.
af165b910b9cab0e90eb6f51d53cf32db133c0f1824a7c73288c366552b3bf6bRSA Security Analytics versions prior to 10.6.2 suffers from a cross site scripting vulnerability.
29f3df9a582d5fc126a13ddd2ca653246e51d0d92232e8210ef0277dd28c4102Gentoo Linux Security Advisory 201701-57 - Multiple vulnerabilities have been discovered in T1Lib, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.1.2-r1 are affected.
b2873c49c9fb6b6a50355619b845a09f6eee18b440a36822021f1f915877e044Ubuntu Security Notice 3176-1 - Peter Wu discovered that the PC/SC service did not correctly handle certain resources. A local attacker could use this issue to cause PC/SC to crash, resulting in a denial of service, or possibly execute arbitrary code with root privileges.
79deb34b38677f7ec730420c31bde38600894161d0a441be4782efed4bd79845Ubuntu Security Notice 3177-1 - It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
2713577ab03cb9b5c070b7a23a9b0c6daedc179f766b08f40cfeaa05ec2a47d5Apple Security Advisory 2017-01-23-6 - iCloud for Windows 6.1.1 is now available and addresses multiple code execution issues.
477fd6a85d8b6b9bb90e81d561e0b9c67141cbe619e48a94d45323df17982caaApple Security Advisory 2017-01-23-5 - Safari 10.0.3 is now available and addresses spoofing, data exfiltration, and various other security vulnerabilities.
9380ba037cb7a4a08a6957da5be6a90a85229a9d5a4279cc9e45ce3958bfe552Apple Security Advisory 2017-01-23-4 - tvOS 10.1.1 is now available and addresses buffer overflow, code execution, and various other security vulnerabilities.
d752960214514544ebcbcd5838b9d16b7826312ba8c694a44be4a74ac8b34f4cApple Security Advisory 2017-01-23-3 - watchOS 3.1.3 is now available and addresses memory corruption and various other security vulnerabilities.
e7398c9697427aff5db86c0043f8a99f108c5d8a3a6b00ffdda93d155b08b2b3Apple Security Advisory 2017-01-23-2 - macOS 10.12.3 is now available and addresses suffers from code execution and various other security vulnerabilities.
4c40e5dbd35093797941e97f507065322698c00b5f58f1d348c313103335398bApple Security Advisory 2017-01-23-1 - iOS 10.2.1 is now available and addresses logic issues, code execution, and multiple other security vulnerabilities.
526fa3d6cc515f743f6765a22e9a42436711edaa61feea64ad14319fabe71274EMC Avamar Data Store and Avamar Virtual Edition versions 7.3.0 and 7.3.1 suffer from a privilege escalation vulnerability due to incorrect file ownership.
3452d34bb60a8daed5458ff0b1af8a783e6b9a127d553f891e024e92dd11f421Gentoo Linux Security Advisory 201701-50 - A buffer overflow in PPP might allow remote attackers to cause a Denial of Service condition. Versions less than 2.4.7-r3 are affected.
eb839c40e3c3da25cc0f784f5c0a4545dfb3af6a4cb262819603922a07a75415Gentoo Linux Security Advisory 201701-49 - Multiple vulnerabilities have been found in QEMU, the worst of which could cause a Denial of Service condition. Versions less than 2.8.0 are affected.
0e2d539d14e347d3bf17b029ab30f28001e77ddbe1f75f7299d20d446e40dd7dDebian Linux Security Advisory 3770-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.29.
8675c048dd99d17d64d771f7aaa5918891cf5178ffc7734af67a04d699122395Debian Linux Security Advisory 3769-1 - Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers.
e2e5a3534d3f83b584d03a5b7dd5fb7a5576f54026746b097bbbf993c3200eb9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed