accept no compromises
Showing 1 - 25 of 160 RSS Feed

Files

Red Hat Security Advisory 2017-1839-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1839-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2017-7525
MD5 | 5cc448b43527b3900ed58e12d5861af8
Ubuntu Security Notice USN-3372-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3372-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-7502
MD5 | ab98a35fa8ae3d8507d56b71d1998766
Red Hat Security Advisory 2017-1834-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1834-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
MD5 | 22a0255bff9a6fd139fe7c5138dd8769
Red Hat Security Advisory 2017-1837-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1837-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.7.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
MD5 | 0c9ff400d91d6d1099ed1adc9a4d2115
Red Hat Security Advisory 2017-1838-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1838-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
MD5 | 0f2190fe29afc319e7619f1b0cd2b8eb
Ubuntu Security Notice USN-3373-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3373-1 - Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components function for use by third-party modules. Vasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection during an HTTP request to an HTTPS port. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2016-8743, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679
MD5 | a4c4025dab59dae6931ec8faed33573f
Red Hat Security Advisory 2017-1835-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1835-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2016-4978, CVE-2017-7525
MD5 | 57b5b4fda7c2330aef55b7230594da48
Ubuntu Security Notice USN-3374-1
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3374-1 - It was discovered that RabbitMQ incorrectly handled MQTT authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-9877
MD5 | 6685b33f1d0776f697501b2adfe43a88
Red Hat Security Advisory 2017-1840-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1840-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2017-7525
MD5 | ce831e15241f2e98fe5b3da5f4934071
Ubuntu Security Notice USN-3363-2
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3363-2 - USN-3363-1 fixed vulnerabilities in ImageMagick. The update caused a regression for certain users when processing images. The problematic patch has been reverted pending further investigation. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | c0e883034c5e99b28eac5ed3d0e564c4
Ubuntu Security Notice USN-3366-2
Posted Jul 31, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3366-2 - USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem. It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. Various other issues were also addressed.

tags | advisory, java, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
MD5 | 2a9baab186741fe731fd0793a6248350
Red Hat Security Advisory 2017-1833-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1833-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.3112.78. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000
MD5 | 6f581973a0b25c1f61ceac994c4f5e46
Red Hat Security Advisory 2017-1833-01
Posted Jul 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1833-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.3112.78. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000
MD5 | 8d1af10363015e60e6ec7083f2de8964
Spider Player 2.5.3 DLL Hijacking
Posted Jul 29, 2017
Authored by Ye Yint Min Thu Htut

Spider Player version 2.5.3 suffers from a dll hijacking vulnerability.

tags | advisory
systems | windows
MD5 | af72530d6843a4b774d276db0bacc5c4
FTP Commander 8.02 DLL Hijacking
Posted Jul 29, 2017
Authored by Ye Yint Min Thu Htut

FTP Commander version 8.02 suffers from a dll hijacking vulnerability.

tags | advisory
systems | windows
MD5 | 7c3e0cb6cc1e25e5777d095f3a52b663
Ubuntu Security Notice USN-3371-1
Posted Jul 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3371-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605
MD5 | 5391562066bac61b8e2c8c8b2110eced
IBM Bluemix Broken Mutual TLS Authentication
Posted Jul 28, 2017
Authored by Oscar Martinez

IBM Bluemix suffers from a broken mutual TLS authentication vulnerability.

tags | advisory
MD5 | 855b313d6df245ff57d3c7e9016886c6
Ubuntu Security Notice USN-3370-1
Posted Jul 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3370-1 - Robert Swiecki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2017-9788
MD5 | 0351992c5c6292755bb3ff9a1fe16e1c
Ubuntu Security Notice USN-3369-1
Posted Jul 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3369-1 - Guido Vranken discovered that FreeRADIUS incorrectly handled memory when decoding packets. A remote attacker could use this issue to cause FreeRADIUS to crash or hang, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987
MD5 | c5dbb1add58a9a9ecbad68f218906843
Microsoft Security Bulletin CVE Update For July, 2017
Posted Jul 27, 2017
Site microsoft.com

This Microsoft bulletin summary lists multiple CVEs that have undergone a major revision increment.

tags | advisory
advisories | CVE-2017-8571, CVE-2017-8572, CVE-2017-8663
MD5 | c7609df1d0bcb1039bdc7939ff555614
Red Hat Security Advisory 2017-1809-01
Posted Jul 27, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1809-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2017-5648, CVE-2017-5664
MD5 | a22634735b657874e95519653118885f
Ubuntu Security Notice USN-3366-1
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3366-1 - It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. Various other issues were also addressed.

tags | advisory, java, denial of service
systems | linux, ubuntu
advisories | CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243
MD5 | 658e7009018bea7fcaaa8f27548c347b
HP Security Bulletin HPESBHF03765 1
Posted Jul 26, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03765 1 - Potential security vulnerabilities in OpenSSL have been addressed in HPE Network Products including Comware v7 that is applicable for ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | c683a7b3bfd4e5f33311dd9c4610914c
Ubuntu Security Notice USN-3368-1
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3368-1 - It was discovered that libiberty incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
MD5 | a499ba39c7aaf4f7e4c5320fc92b569a
Ubuntu Security Notice USN-3367-1
Posted Jul 26, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3367-1 - Hanno Bock discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8501, CVE-2014-9939, CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
MD5 | 47b1d523dac4f2073a7f6fe03eaf06e7
Page 1 of 7
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
Pizza Hut Latest To Be Hit In Card Data Breach
Posted Oct 16, 2017

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Artificial Intelligence - Hype, Hope, And Fear
Posted Oct 16, 2017

tags | headline, botnet, cyberwar
KRACK Attacks: Breaking WPA2 By Forcing Nonce Reuse
Posted Oct 16, 2017

tags | headline, privacy, phone, wireless, flaw, cryptography
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
US Voices Frustration With Warrant-Proof Encryption
Posted Oct 13, 2017

tags | headline, government, privacy, usa, cryptography
An Unknown Hacker Stole Sensitive Data On Australia's War Planes
Posted Oct 13, 2017

tags | headline, hacker, government, australia, data loss, cyberwar
Legacy Office Feature Used In Novel Document Attacks
Posted Oct 13, 2017

tags | headline, hacker, malware, microsoft, flaw
Equifax Rival TransUnion Also Sends Site Visitors To Malicious Pages
Posted Oct 12, 2017

tags | headline, malware
The Myth Of Responsible Encryption: Experts Say It Can't Work
Posted Oct 12, 2017

tags | headline, government, backdoor, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close