The Windows Attachment Manager does not correctly handle JAR files marked as high risk when accessed via Internet Explorer 11.
55d6f4555285c911f938d1c94208c74030f6f4131f6a8f5b3412527ade760885
Bamboo versions prior to 6.0.5, 6.1.4, and 6.2.1 suffer from a code execution vulnerability.
5122ff868395313b4aefc08b694740acaba7c14260c3145f90403015f091520e
Ubuntu Security Notice 3466-1 - Karim Hossen & Thomas Imbert discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service.
15654f7b9bfda368625350be74ee70e10914df21ae1590e6c0adaa651fe09731
Bomgar Remote Support suffers from a local privilege escalation vulnerability. Versions affected include 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4.
628baf055f0972c1c6fa79f1adf972440b7c5ee8c14fec41ee37efb1bf1f599e
Ubuntu Security Notice 3465-1 - Brian Carpenter discovered that Irssi incorrectly handled messages with invalid time stamps. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Brian Carpenter discovered that Irssi incorrectly handled the internal nick list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch discovered that Irssi incorrectly removed destroyed channels from the query list. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. Various other issues were also addressed.
5c34e3c728888e5bb51ce6fb31a8c69e09c89e18bf7c2c9c340b2b4830202fe0
Red Hat Security Advisory 2017-3075-01 - The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code.
902f3f20b7a3e90d479fc1b3fd04bacf4050c8b64fac72cde48820817e759dfc
Ubuntu Security Notice 3464-1 - Antti Levomaki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. Dawid Golunski discovered that Wget incorrectly handled recursive or mirroring mode. A remote attacker could possibly use this issue to bypass intended access list restrictions. Various other issues were also addressed.
25ac05cd4bd4147a63b1bd247d8cfad5fce3534a6793e49418e3508809cb3eff
Red Hat Security Advisory 2017-3071-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message.
83d626d761ac5b1571348346a206a3346fbe4cc8a141d14a89a1ac2a9aad2203
Ubuntu Security Notice 3463-1 - It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message.
8d133b0cb1c8a7c0ca926fa9d77a07bcfff12fefa3f47dc07a668322984d7532
Ubuntu Security Notice 3425-2 - USN-3425-1 fixed a vulnerability in Apache HTTP Server. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno Boeck discovered that the Apache HTTP Server incorrectly handled A Limit directives in .htaccess files. In certain configurations, a A remote attacker could possibly use this issue to read arbitrary server A memory, including sensitive information. This issue is known as A Optionsbleed. Various other issues were also addressed.
ec9e7c6f5d337302858cf2a0818db50e9651066e124b29ee53ae385d7ba5388c
Ubuntu Security Notice 3388-2 - USN-3388-1 fixed several vulnerabilities in Subversion. This update provides the corresponding update for Ubuntu 12.04 ESM. Ivan Zhakov discovered that Subversion did not properly handle some requests. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
a687e5391fa1b5969d8465cd6fe1b7abad9ba098f227067976e565ef0aebea20
Debian Linux Security Advisory 4006-1 - Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which may result in denial of service or the execution of arbitrary code.
b434341ba675edfdd0294230b93749bfaba7130b722225d87a404cf8baf4122b
Ubuntu Security Notice 3411-2 - USN-3411-1 fixed a vulnerability in Bazaar. This update provides the corresponding update for Ubuntu 12.04 ESM. A Adam Collard discovered that Bazaar did not properly handle host names A in 'bzr+ssh://' URLs. A remote attacker could use this to construct A a bazaar repository URL that when accessed could run arbitrary code A with the privileges of the user. Various other issues were also addressed.
d2232a8ccd4ab791bae18f23bd07111564d267f8de4f31375381fb47c7d63efd
Ubuntu Security Notice 3454-2 - USN-3454-1 fixed a vulnerability in libffi. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, to facilitate executing arbitrary code.
62b33122a47c2d2785fafce032f896394e71015210dec7a602eea5b7d6c67445
Ubuntu Security Notice 3462-1 - Jan PokornA1/2 and Alain Moulle discovered that Pacemaker incorrectly handled the IPC interface. A local attacker could possibly use this issue to execute arbitrary code with root privileges. Alain Moulle discovered that Pacemaker incorrectly handled authentication. A remote attacker could possibly use this issue to shut down connections, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
4384b399869b60d559505c227d7dc753f73aa1b36d2bf6994fcaa90ab5ac8b80
Red Hat Security Advisory 2017-3047-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 171. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
bbe7908cff164751122dfd84e70eaebcd87444c60de530d15e00c3e33022eecd
Red Hat Security Advisory 2017-3046-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
bd482745f8dc0e105bc099c629ff47658c99a2f53808a47cb77e614bf18e5a9b
Red Hat Security Advisory 2017-3018-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd. Security Fix: A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.
d125b2cd5c8a0482de5892becffd1b21cbff9d42397e85f157d298a35d83f3f1
HPE Security Bulletin HPESBHF03779 1 - A remotely exploitable denial of service vulnerability has been identified in HPE Fabric OS (FOS) running OpenSSH. This impacts versions prior to FOS v7.4.2. Revision 1 of this advisory.
e2d2b9631edb30a7ff9049c57731463bbe76cb777245783bd044fe3d853f4acf
Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance.
5e84ae818066bb4ac19ab58bf8766980a52ebe49a4dd880c31b67e49f4cb6e1b
Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site (Adobe Marketing Cloud).
b2897fa68d98d0bcdeca83e54c19b2cbffb7823e51716ff60960f9cc3e3d0cdb
Tuleap versions 9.6 and below suffer from a second order PHP object injection vulnerability.
614615fd533a9914f7dae0fc5c046315ec0b6c9faa00541179463892e627fd24
Red Hat Security Advisory 2017-3005-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The following packages have been upgraded to a later upstream version: ansible-tower, cfme, cfme-appliance, cfme-gemset, rabbitmq-server, rh-ruby23-rubygem-nokogiri, supervisor.
5d6f2f797bc66745530e056e45966de331b7f4a4d539e9494b41c8fdfc0f84eb
Ubuntu Security Notice 3434-2 - USN-3434-1 fixed a vulnerability inA A Libidn. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that Libidn incorrectly handled decoding certain A digits. A remote attacker could use this issue to cause Libidn to A crash, resulting in a denial of service, or possibly execute arbitrary A code. Various other issues were also addressed.
e6c33dd10d015020c636bc7afe366c9d89616515cf6e13fda233ed454b556d18
Ubuntu Security Notice 3441-2 - USN-3441-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. A Daniel Stenberg discovered that curl incorrectly handled large A floating point output. A remote attacker could use this issue to cause A curl to crash, resulting in a denial of service, or possibly execute A arbitrary code. Various other issues were also addressed.
7aae14ec5ba893ef0d780ab62a86bba669dd2dbe21dca9f3ab0beb40cb92a0f0