While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Apache Tomcat versions 7.0.0 through 7.0.75, 8.0.0.RC1 through 8.0.41, 8.5.0 through 8.5.11, and 9.0.0.M1 through 9.0.0.M17 are affected.
193ab6114148905ba8825ba1b184c06507caac43be27d616db0d37daee7cc903
The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. Apache Tomcat versions 8.5.0 through 8.5.12 and 9.0.0.M1 through 9.0.0.M18 are affected.
9e9a2ed68a0484d3c5eedcf6b96e3c1f556c0d256bfd0937b7b5acc81297e9ef
WebKit suffers from a cross site scripting vulnerability via a focus event and a link element.
150fd73a684ece855490a6f6c898fd1b32492efd3abf6b355ecf7177e77dc76a
Broadcom suffers from multiple memory corruption vulnerabilities in bcmdhd when handling WLFC information.
f5a58cf7ae8276a39860c6aea58e0dbe45912d3449e817de2e068153129564d2
Broadcom suffers from a heap overflow vulnerability in wl_iw_get_essid when handling WLC_GET_SSID ioctl results.
290d4f4b7d8973357ff913a822be18104af998be5b4d71d3585dfee6d09af6eb
Broadcom suffers from a heap overflow vulnerability in wl_run_escan when handling WLC_GET_VALID_CHANNELS ioctl results.
291dbbd1b6fa1f4bb1ac9db10257990a591040ae6e962893e5de0d5929b8dab6
Broadcom suffers from multiple memory corruption vulnerabilities in dhd_pno_process_anqpo_result.
b0689c637971f9d92016ed6cc9a06cc2bde2eac581f326162630e2243388a994
Broadcom suffers from a stack buffer overflow vulnerability when handling 802.11r (FT) authentication responses.
d2ef0e83678dbf66b678140acdb0c0d53f11b0be952be36eeb035b68cf4771c2
Debian Linux Security Advisory 3827-1 - Multiple vulnerabilities have been discovered in the JasPer library for processing JPEG-2000 images, which may result in denial of service or the execution of arbitrary code if a malformed image is processed.
4170f85a10bcb8468b41aabc85e4629e67fb361a2d7f3f41e41a62a5cd16a152
Red Hat Security Advisory 2017-0867-03 - In accordance with the Red Hat Virtualization 3.x Support Life Cycle Policy, support will end on September 30, 2017. Red Hat will not provide extended support for the Red Hat Virtualization Manager and Red Hat Virtualization Host.
f33b71aaa82828c0f92dc1dc044fbc3c7a4872a31e889767ee542be1189baa1c
HPE Security Bulletin HPESBGN03733 1 - A potential security vulnerability in Jakarta Multipart parser in Apache Struts has been addressed in HPE Universal CMDB. This vulnerability could be remotely exploited to allow code execution via mishandled file upload. Revision 1 of this advisory.
203b21286e8f35dd6f52eec0b3e4bbb43621d80d6ac0d878939de5e01acf4c15
Apache Ignite versions 1.0.0-RC3 through 1.8 suffer from an arbitrary file read that can be leveraged due to an eXternal Xml Entity vulnerability.
087495b3f9da905fb1b199761aceab54aedc4dac4fd57ad1a8752e7faefe80e4
Apple Security Advisory 2017-04-04-1 - Apple Music 2.0 for Android is now available and addresses a certificate validation issue.
e2d4a49ec8aa12899165073f8d711b115f575439dfdded9070be8dcfe447ab51
Asterisk Project Security Advisory - No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.
4f394dc143a808e8b1929549291dac026ba69e8dc9fd92c43b3dff47220e1290
The VMU-C webserver suffers from cross site request forgery, cross site scripting, access control, weak credential management, and insecure storage vulnerabilities. VMU-C EM prior to firmware Version A11_U05 and VMU-C PV prior to firmware Version A17 are affected.
1582c6722bcf37eb3cd5c16f529748ff9d4b17c5c7e4c15f8293942e38016191
LAquis SCADA version 4.1 suffers from access control issues.
86fbbd5516820667a46d0ba5ad09fd19f5f20c2b0184e3600ed71fd84482b636
DragonWave Horizon version 1.01.03 suffers from having hardcoded credentials embedded in the device.
07fb435be21a3d69e7b704cc6f1844bf8bd4a0b4dcbf64c0fbf09ed42effb437
The Apple Music Android application (version 1.2.1 and below) does not validate the SSL certificate received when connecting to the mobile application login and payment servers.
1422d48bcd8eed64fc465a014de8e359bdf5f4adb5d983d4dc5bc3f09063b2b3
Ubuntu Security Notice 3256-2 - USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel for each of the respective prior Ubuntu LTS releases. Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
0a024b3bf399c95b2aeecc68c98b80da26d74f0a716f244a4f7a58f6f4bc64cc
Ubuntu Security Notice 3256-1 - Andrey Konovalov discovered that the AF_PACKET implementation in the Linux kernel did not properly validate certain block-size data. A local attacker could use this to cause a denial of service.
f4ca15580e67fd9476cb039ae24645bb0ce52d4a6c1d4964893c2575f2d9aa18
Red Hat Security Advisory 2017-0882-01 - V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition. Security Fix: An integer-overflow flaw was found in V8's Zone class when allocating new memory and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
b674a25c203085102059e046eef50d9ddd2935f8aeff93d3a82c1b92766c6b11
Red Hat Security Advisory 2017-0880-01 - V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition. Security Fix: An integer-overflow flaw was found in V8's Zone class when allocating new memory and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
b9bd3d751642aa95bc54de0d855132f51ca43ead478fb94dd12a4bd0281fe752
Red Hat Security Advisory 2017-0881-01 - V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition. Security Fix: An integer-overflow flaw was found in V8's Zone class when allocating new memory and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
bea0b64f2a4443e4c40404ed6aad20164128fc2a0cfcfd3afbadce45566f9ffb
Red Hat Security Advisory 2017-0879-01 - V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition. Security Fix: An integer-overflow flaw was found in V8's Zone class when allocating new memory and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges.
9cf7b3d5d5e9c44892f94ab840b31ca88fb08221f05cbfb0fa79ca231c9666f2
Ubuntu Security Notice 3255-1 - It was discovered that LightDM incorrectly handled home directory creation for guest users. A local attacker could use this issue to gain ownership of arbitrary directory paths and possibly gain administrative privileges.
e3c530aa3a6c8b4341919d114315f695cce907d048180f01f6fa591ffdad7621