The Windows Attachment Manager does not correctly handle JAR files marked as high risk when accessed via Internet Explorer 11.
55d6f4555285c911f938d1c94208c74030f6f4131f6a8f5b3412527ade760885Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability.
5122ff868395313b4aefc08b694740acaba7c14260c3145f90403015f091520eUbuntu Security Notice 3466-1 - Karim Hossen & Thomas Imbert discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service.
15654f7b9bfda368625350be74ee70e10914df21ae1590e6c0adaa651fe09731Bomgar Remote Support suffers from a local privilege escalation vulnerability. Versions affected include 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4.
628baf055f0972c1c6fa79f1adf972440b7c5ee8c14fec41ee37efb1bf1f599eUbuntu Security Notice 3465-1 - Brian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Brian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch discovered that Irssi incorrectly removed destroyed channels from the query list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Various other issues were also addressed.
5c34e3c728888e5bb51ce6fb31a8c69e09c89e18bf7c2c9c340b2b4830202fe0Red Hat Security Advisory 2017-3075-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code.
902f3f20b7a3e90d479fc1b3fd04bacf4050c8b64fac72cde48820817e759dfcUbuntu Security Notice 3464-1 - Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. Various other issues were also addressed.
25ac05cd4bd4147a63b1bd247d8cfad5fce3534a6793e49418e3508809cb3effRed Hat Security Advisory 2017-3071-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message.
83d626d761ac5b1571348346a206a3346fbe4cc8a141d14a89a1ac2a9aad2203Ubuntu Security Notice 3463-1 - It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message.
8d133b0cb1c8a7c0ca926fa9d77a07bcfff12fefa3f47dc07a668322984d7532Ubuntu Security Notice 3425-2 - USN-3425-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno Boeck discovered that the Apache HTTP Server incorrectly handled A Limit directives in .htaccess files. In certain configurations, a A remote attacker could possibly use this issue to read arbitrary server A memory, including sensitive information. This issue is known as A Optionsbleed. Various other issues were also addressed.
ec9e7c6f5d337302858cf2a0818db50e9651066e124b29ee53ae385d7ba5388cUbuntu Security Notice 3388-2 - USN-3388-1 fixed several vulnerabilities in Subversion. This update provides the corresponding update for Ubuntu 12.04 ESM. Ivan Zhakov discovered that Subversion did not properly handle some requests. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
a687e5391fa1b5969d8465cd6fe1b7abad9ba098f227067976e565ef0aebea20Debian Linux Security Advisory 4006-1 - Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which may result in denial of service or the execution of arbitrary code.
b434341ba675edfdd0294230b93749bfaba7130b722225d87a404cf8baf4122bUbuntu Security Notice 3411-2 - USN-3411-1 fixed a vulnerability in Bazaar. This update provides the corresponding update for Ubuntu 12.04 ESM. A Adam Collard discovered that Bazaar did not properly handle host names A in 'bzr+ssh://' URLs. A remote attacker could use this to construct A a bazaar repository URL that when accessed could run arbitrary code A with the privileges of the user. Various other issues were also addressed.
d2232a8ccd4ab791bae18f23bd07111564d267f8de4f31375381fb47c7d63efdUbuntu Security Notice 3454-2 - USN-3454-1 fixed a vulnerability in libffi. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code.
62b33122a47c2d2785fafce032f896394e71015210dec7a602eea5b7d6c67445Ubuntu Security Notice 3462-1 - Jan PokornA1/2 and Alain Moulle discovered that Pacemaker incorrectly handled the IPC interface. A local attacker could possibly use this issue to execute arbitrary code with root privileges. Alain Moulle discovered that Pacemaker incorrectly handled authentication. A remote attacker could possibly use this issue to shut down connections, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
4384b399869b60d559505c227d7dc753f73aa1b36d2bf6994fcaa90ab5ac8b80Red Hat Security Advisory 2017-3047-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 171. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
bbe7908cff164751122dfd84e70eaebcd87444c60de530d15e00c3e33022eecdRed Hat Security Advisory 2017-3046-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
bd482745f8dc0e105bc099c629ff47658c99a2f53808a47cb77e614bf18e5a9bRed Hat Security Advisory 2017-3018-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd. Security Fix: A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.
d125b2cd5c8a0482de5892becffd1b21cbff9d42397e85f157d298a35d83f3f1HPE Security Bulletin HPESBHF03779 1 - A remotely exploitable denial of service vulnerability has been identified in HPE Fabric OS (FOS) running OpenSSH. This impacts versions prior to FOS v7.4.2. Revision 1 of this advisory.
e2d2b9631edb30a7ff9049c57731463bbe76cb777245783bd044fe3d853f4acfCisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance.
5e84ae818066bb4ac19ab58bf8766980a52ebe49a4dd880c31b67e49f4cb6e1bApple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).
b2897fa68d98d0bcdeca83e54c19b2cbffb7823e51716ff60960f9cc3e3d0cdbTuleap versions 9.6 and below suffer from a second order PHP object injection vulnerability.
614615fd533a9914f7dae0fc5c046315ec0b6c9faa00541179463892e627fd24Red Hat Security Advisory 2017-3005-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The following packages have been upgraded to a later upstream version: ansible-tower, cfme, cfme-appliance, cfme-gemset, rabbitmq-server, rh-ruby23-rubygem-nokogiri, supervisor.
5d6f2f797bc66745530e056e45966de331b7f4a4d539e9494b41c8fdfc0f84ebUbuntu Security Notice 3434-2 - USN-3434-1 fixed a vulnerability inA A Libidn. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that Libidn incorrectly handled decoding certain A digits. A remote attacker could use this issue to cause Libidn to A crash, resulting in a denial of service, or possibly execute arbitrary A code. Various other issues were also addressed.
e6c33dd10d015020c636bc7afe366c9d89616515cf6e13fda233ed454b556d18Ubuntu Security Notice 3441-2 - USN-3441-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. A Daniel Stenberg discovered that curl incorrectly handled large A floating point output. A remote attacker could use this issue to cause A curl to crash, resulting in a denial of service, or possibly execute A arbitrary code. Various other issues were also addressed.
7aae14ec5ba893ef0d780ab62a86bba669dd2dbe21dca9f3ab0beb40cb92a0f0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed