Red Hat Security Advisory 2017-2832-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.
f6d25e475ba88f963fde6ff80256abf19259f2246d2704c39da7cb1f4cbe6eceRed Hat Security Advisory 2017-2831-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
f890e6d4a2503e3c55f1573641340308744535c5bcaee7b7230a65dd9586e88cRed Hat Security Advisory 2017-2818-01 - In accordance with the Red Hat Virtualization 3.x Support Life Cycle Policy, support will end on September 30, 2017. Red Hat will not provide extended support for the Red Hat Virtualization Manager and Red Hat Virtualization Host. Customers are requested to migrate to the newer Red Hat Virtualization product prior to the end of the life cycle for Red Hat Virtualization 3.x. After September 30, 2017, technical support through Red Hatas Global Support Services will no longer be provided, other than assisting in upgrades. We encourage customers to plan their migration from Red Hat Virtualization 3.x to the latest version of Red Hat Virtualization. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.
c8ac9668781707c88654fb8b7ba988adc3f1702f87b57c04ccfad1dec5d0d034HPE Security Bulletin HPESBGN03773 2 - A potential security vulnerability has been identified in Application Performance Management (BSM) Platform. The vulnerability could be remotely exploited to allow code execution. Revision 2 of this advisory.
b9537e8d57a0d231e698e3b91604a181835b850d18eb806d57883a364fa1ef95SAP Enterprise Portal versions 7.50 and below suffer from a cross site scripting vulnerability.
4503b81eaafa421596f9ee7c02f6584b28692f5ce5d6d382856e0da15b47ab1bA Linux PIE/stack corruption vulnerability exists. Most notably, all versions of CentOS 7 before 1708 (released on September 13, 2017), all versions of Red Hat Enterprise Linux 7 before 7.4 (released on August 1, 2017), and all versions of CentOS 6 and Red Hat Enterprise Linux 6 are exploitable.
e629fc1437f3afd0ad4608b004f8c31a78825d7d031176a742308b19fc02b46dDebian Linux Security Advisory 3984-1 - joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support has not been configured (however, the git-cvs package needs to be installed).
45c5b391bc95f3cc52114ee4a0b69f4f29bc0b3cde6352f0143c59740c21e65fEMC AppSync host plug-in on Windows platform includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 3.5 and below are affected.
7ebe2b6f0ac9b5e9121b9f4b3b3575a777b179ff319af54ce97240772f5fcfcbECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. A remote malicious user with the knowledge of the default password could potentially login to compromise the affected system.
25337f0cf2611f718c36d835f6039844f57b35756a5bcdf2fb0cbd23997d38dbApple Security Advisory 2017-09-25-9 - macOS Server 5.4 is now available and addresses multiple vulnerabilities in FreeRADIUS.
55e8bc0b8dac96f5d4ea0c8772595685f930c0aabdaf38ed83e4aefe2c18f431Apple Security Advisory 2017-09-25-8 - iTunes 12.7 for Windows addresses code execution, memory corruption, and various other vulnerabilities.
844525a770503a5f08fcf669cfae57d133eac33ea6b77faf7a8364c493185997Apple Security Advisory 2017-09-25-7 - iTunes 12.7 addresses a backup disclosure vulnerability.
7f4987f9069c845d48314bb01725d3c4c9f6bb37294502738cde72a273a6d822Apple Security Advisory 2017-09-25-6 - tvOS 11 addresses denial of service, code execution, and various other vulnerabilities.
53eb4a2acf7b564fb6f43daa73fe1c337e985950b8484de9a126198169c002c6Apple Security Advisory 2017-09-25-5 - watchOS 4 addresses denial of service, memory corruption, and various other vulnerabilities.
d5a111413d289178bede9544ded91507b5c752cecc04b196f9d4d463c663aab9Apple Security Advisory 2017-09-25-4 - iOS 11 addresses denial of service, service impersonation, and various other vulnerabilities.
63d7ee9aed6f2dbe84b1bde7894ca17abe7eb97f4cfd69dcb8570468e235d4a4Apple Security Advisory 2017-09-25-3 - Safari 11 addresses address bar spoofing, code execution, and various other vulnerabilities.
b42508f43e48cdb9c1330f8c1a56d05183154dfbc70bdf83c126097950d887deApple Security Advisory 2017-09-25-2 - iCloud for Windows 7 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.
65aaa5944b9609f7a1730e416108280016984c29dded803ab627f79f44c58986Apple Security Advisory 2017-09-25-1 - macOS High Sierra 10.13 is now available and addresses denial of service, insecure transit, and various other vulnerabilities.
56a33c5e5ed39ad993bf22ead073e39949c0c55274f11b40248081e1873fc193Broadcom suffers from denial of service and out-of-bounds read vulnerabilities in TCP KeepAlive Offloading.
0fd01faa7f991415a9981c3f63751b39f36aaeb1dec6b946eaed0cb7adfa715fBitdefender Total Security 2017 suffers from an unquoted service path vulnerability.
2826282b80d6d3b6a1814dd14a44b77fa18de68ea4d071a11564a8c58e249c79Red Hat Security Advisory 2017-2795-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID PIE binary could use this flaw to escalate their privileges on the system.
934a940dab30a592a02e07455e3094183299356243b334ef95ac79e84914895aRed Hat Security Advisory 2017-2802-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID PIE binary could use this flaw to escalate their privileges on the system.
bfd0689a6c80bfdd023af7ba1544e909bd3742cffc39037e70d4907f9e378ac9Red Hat Security Advisory 2017-2809-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
2cd12b03d2f33b5eca8602b894a216c2a22849b1ada1361fa1119aa29110e876Red Hat Security Advisory 2017-2811-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.8.
4625335874434e605c89b642c9228227df29e49da115ed2ae5344ae66dd9f48cRed Hat Security Advisory 2017-2808-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
f6590a11f2604542166e3cc7b6db6117e23303732c6aef136befc45deb5384eb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed