A fix is available for certain versions of VNX Control Station for VNX1 and VNX2 that contain a reflected cross site scripting vulnerability. This vulnerability could potentially be exploited by malicious users to compromise the affected system. Affected includes Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8.
99343fb6161a01f1c71e556f948f72ca4e3105c28fce577b9044d0c611e294d5Asterisk Project Security Advisory - A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point.
ed053308e894898a480e92d5016c992527cc685883fe08d5de10e9577ba6d611ServersCheck Monitoring Software versions prior to 14.2.3 suffers from a cross site scripting vulnerability.
049e6c97e6148e6901b69dff7cce9f1a2c50b27b741b2ba8c7a09abd0fa80032Red Hat Security Advisory 2017-3493-01 - In accordance with the Red Hat Enterprise MRG Life Cycle policy, Red Hat Enterprise MRG Version 2 for Red Hat Enterprise Linux 6 will be retired as of June 30, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise MRG Version 2 for Red Hat Enterprise Linux 6 after June 30, 2018.
65cc7970229898edd557390fddb2305a0a3af2d26e99dcab3be4a943f80283b5Red Hat Security Advisory 2017-3490-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.
063aa42d2af5b317a96e97efaea11552d50af6f7771cc01899ff970dc90a99c4EMC Isilon OneFS requires a security update to address an issue that may potentially allow NFS clients to access certain NFS exports using a weaker authentication flavor when default NFS export settings are modified.
2742a8ffcef95a8e023a78f43f34950ad54b1bba89d6fe49410cccd2cfc50ddfEMC Data Domain DD OS includes a memory overflow vulnerability in the SMB1 handler. Many versions are affected.
6374f5d7456b80eb09d37970db7dadebea51f50a17d57d392e6ff189cbc5fee8Vulnerabilities were identified in the iStar Ultra and IP-ACM boards offered by Software House. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.
204786b1402fdbec34ba89ae4fe9ceed678dd3d6096ef0880cd0a2f1ff6cb00dMicrosoft Windows 10 offers a biometric authentication mechanism using "near infrared" face recognition technology with specific Windows Hello compatible cameras. Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows Hello face authentication via a simple spoofing attack using a modified printed photo of an authorized person.
a28797336445a321ee3b9f535cf1f6527d20a26299595c9bcfc659a304c665cdRed Hat Security Advisory 2017-3485-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Security Fix: A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.
b19febc2e65ff51a5e7e50e13c140bf754767a3fbfaae851f26d0fc137086b0bRed Hat Security Advisory 2017-3484-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. CloudForms Management Engine Appliance. CloudForms Management Engine Gemset. Multiple security issues have been addressed.
4a3692d773dfdb3a0baf0904f7370f30464bfe25a4d3d753f236f35e7b82503aUbuntu Security Notice 3382-2 - USN-3382-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. Various other issues were also addressed.
4730777f8234166a0aca926651b742452e288c5899a8de45f4f97da1ed324225Red Hat Security Advisory 2017-3481-01 - Heketi provides a RESTful management interface which can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like OpenStack Manila, Kubernetes, and OpenShift can dynamically provision GlusterFS volumes with any of the supported durability types. Heketi will automatically determine the location for bricks across the cluster, making sure to place bricks and its replicas across different failure domains. Heketi also supports any number of GlusterFS clusters, allowing cloud services to provide network file storage without being limited to a single GlusterFS cluster. Multiple security issues have been addressed.
37310c779e064bd1d7d3d726dd8ed07e73249d8788c2ea3f5b64215f3705bdfbRed Hat Security Advisory 2017-3479-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.108. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
4f3439f884f8dc482d88454ac75499493936b0ea2e792493d4e8193172ac20a9Red Hat Security Advisory 2017-3477-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.
822ce2a5a2219e619fcb8712952a12baa3716903009d2d8afeb6607985aa478aRed Hat Security Advisory 2017-3476-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.
e524f8ce7b2aeed25d1c47f9cedff0e1cc57e3fbd7aa76b24a33091b5f3ff83dRed Hat Security Advisory 2017-3475-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes.
7a80ddd064b974806ee57d0ef30c611ff93aa622e38490ed53afce00dc512af4VLC versions 2.2.8 and below suffer from a type conversion vulnerability in the MP4 demux module.
517f22e30a6a226acec48ea2f884e2b4a520164bd32f90f3aac8dc1b5d910d2aApple Security Advisory 2017-12-13-6 - iOS 11.2 addresses issues relating to interception, memory corruption, and more. This advisory provides additional information for APPLE-SA-2017-12-6-2.
0700b7d62c4bc3fe36c2ec7cfeb5c1c5e6e09967ad7b4c1009f717451ef3dc57Apple Security Advisory 2017-12-13-4 - iTunes 12.7.2 for Windows is now available and addresses code execution and privacy issues.
aa5097596f2bfaeb9ab9082bdbe17fa9e65549381b08ac0d414c19deb07a1d1cApple Security Advisory 2017-12-13-3 - iCloud for Windows 7.2 is now available and addresses code execution and privacy issues.
7ac83185c9a1a9ac2f52891fd6ae1e94392155c4ba0d8b820fb7de7b325c1d7eRed Hat Security Advisory 2017-3474-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
b146276f21006a6482f059705c18a8672e10a014be7b092c305842e8f3060279Red Hat Security Advisory 2017-3466-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
84a7b3f4ea4874af0ae1de4c1762b18a68c9aebe5f589fd042d64b0f18ab77f6Gentoo Linux Security Advisory 201712-4 - Multiple vulnerabilities have been found in cURL, the worst of which may allow execution of arbitrary code. Versions less than 7.57.0 are affected.
597b708be3f8393ef070dd7b2ba23730c0c91e9c3cab36fa3d956ca7f5c01a08Gentoo Linux Security Advisory 201712-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2n are affected.
fce3728192f2ad29f4f85aa453b99dae4b60a8dc3c7ceb2e2bc45239433e0b60
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed