HPE Security Bulletin HPESBHF03787 1 - Security vulnerabilities in HPE Intelligent Management Center (iMC) PLAT products could be exploited to allow Remote Code Execution. Revision 1 of this advisory.
048e7f04fe21a1795eaf32f8f6ee39d0f93b37113dd2f0fee5a796d0399b2d3eSync Breeze version 10.1.16 is vulnerable to a buffer overflow vulnerability, which can be exploited remotely or locally to achieve arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" path of the application.
59c9d2495edf8a0486ff788f422643c727583429a515dece3fc0fe22ccb5eba7The vApp Manager which is embedded in EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, and EMC VMAX Embedded Management (eManagement) contains an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. Affected products include EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).
f18d4b791aa5ab38928fc5023efe3fe370686f782ff9192339e3ecd5d208f81aEMC AppSync contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 3.5.0.1 are affected.
adb832e1561d998886665033dc9667b3881bbb1e7c69d63f3a0d223e4e111d17Red Hat Security Advisory 2017-3086-01 - Red Hat Proxy aStand-Alonea : Systems registered as clients to RHN via a Red Hat Satellite Proxy server are no longer a Red Hat supported deployment, and will no longer function as required.
0074a732069a5fbbd377da2677e8f112b44506bc1d2c5f1b8cb1b2762f037939Ubuntu Security Notice 3468-2 - USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
47d0cfd351854611999665f04a62bff5bebaaf70ccb7778a12e28834ed22be13Ubuntu Security Notice 3468-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4351d0ac9d461f5f4d4e71ae65bcadc5bdb1901c5bd483b113516c2bb33b787aUbuntu Security Notice 3469-1 - Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service. Various other issues were also addressed.
04cc3e67a19f3ee8637e2800765e1cf7c138d3aee0e7534753e7272826f5de09Ubuntu Security Notice 3470-1 - Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
79802aa159a36b07a77681f62d34e9d9160b1f7e1046cae1a8af43715e35697bUbuntu Security Notice 3469-2 - USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Various other issues were also addressed.
2581cae25d586f8b72eaa828c6ca5f97ec0fd29b3967bf2e5a8351f98d807994Ubuntu Security Notice 3468-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b0c7e1f5657c8f1a680373d7595b40ecf55695e2aab91e40342187daa8027ff6Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality).
c9dba87848ba8309e2ef635f11fc4bb02d9040930b2591370ea21e0a1a27b79fUbuntu Security Notice 3459-2 - USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. A Multiple security issues were discovered in MySQL and this update A includes new upstream MySQL versions to fix these issues. A MySQL has been updated to 5.5.58 in Ubuntu 12.04 ESM. Various other issues were also addressed.
70b7d12d84d4aa5120855332d774f53b647d9460ff4801984bc8ac3daf77b63cRed Hat Security Advisory 2017-3082-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.75. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
524807a1eb1bf5c2f6d8bf017f507e705a7e2eb789944a6ac47b26f457f481c4Ubuntu Security Notice 3464-2 - USN-3464-1 fixed several vulnerabilities in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. A Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of A service, or possibly execute arbitrary code. Various other issues were also addressed.
733a73af531d42ae891013006453221a631191deeaaf444b04f58f13f0b49b81Ubuntu Security Notice 3467-1 - It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service.
1df57a365ac818cf143477b1eb3886c6a673517536df6b6f2e33f24543f43b92Red Hat Security Advisory 2017-3081-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.
5ee983090f72ece9f5cb9792f0c4f5e3483212e72951bcc2f52b90e4f854419fRed Hat Security Advisory 2017-3080-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.
72e971421dc578d94992998ea2583fa3d26096b02f8d1943c478536a76eccf76Gentoo Linux Security Advisory 201710-32 - Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets. Versions less than 2.4.27-r1 are affected.
c4f07281c74492eeee76e5aa05668d9989fff715e4d08bed6c25d2d75755726cGentoo Linux Security Advisory 201710-31 - Multiple vulnerabilities have been found in Oracle's JDK and JRE software suites, the worst of which can be remotely exploited without authentication. Versions less than 1.8.0.152-r1 are affected.
2cf0328599c61e8d96a0c7644ff739c1e26ca5c16e25a38caa81567f6536847eGentoo Linux Security Advisory 201710-30 - Multiple vulnerabilities have been found in X.Org Server the worst of which could allow a local attacker to replace shared memory segments. Versions less than 1.19.4 are affected.
63eddffde35de0427f38fd9d9a39600951883ee472d11a47f0c8ae006c4c1d75Gentoo Linux Security Advisory 201710-29 - Multiple vulnerabilities have been found in Asterisk, the worst of which allows remote execution of arbitrary shell commands. Versions less than 11.25.3 are affected.
bbd17aa1a4e50cba5a594dc6393c36347884676996c12b476c34adadfbd094f3Gentoo Linux Security Advisory 201710-28 - A vulnerability in Jython may lead to arbitrary code execution. Versions less than 2.7.0-r2 are affected.
e334f40f5c60cd790418f9ac411648e3d33dc30481b9cbeb569a87b82da458d7PHP versions 4.2.0 and 4.2.1 suffer from an issue where depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server.
a79bf56468ece73d79827db39c362a796db5dc8b60b2c782645b659672ab1f6bRSA Authentication Manager version 8.2 SP1 Patch 5 contains a fix for a reflected cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
5b5645bda0f2b625a651131b4ff3abe2b01954d607cc2e4a1dd37367741a4bb6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed