SlimarUSER Management version 1.0 suffers from a remote SQL injection vulnerability.
2bec07fb52df7d10da97a4351f54a57c0ba6975f4a18e6dd9aab8b86b68a133aRed Hat Security Advisory 2017-0250-01 - The jboss-ec2-eap package provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.12. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
6d46c7993d4b72d6357975682bceafd58c2ddeb3b0052ded0a7ba19dd6ed624fRed Hat Security Advisory 2017-0244-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
7cde72c7b38ffd626b749a5c8ce756bb67ab67324138e797aa214bf9745b3e04Red Hat Security Advisory 2017-0245-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
6ddb91c98ce43b9ca6121e31a310a74f7b6d054aa1cd611d9d1afbcfc85d4d97Red Hat Security Advisory 2017-0247-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
bc217e17297df960be2b6d4db841ade55294aa7a5a2a05ee5211270f502537feRed Hat Security Advisory 2017-0246-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
3c07dd40714955d355bb85794292fb5fe8501c325022200a66ec0006227929d7Red Hat Security Advisory 2017-0249-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.1 serves as a replacement for Red Hat JBoss BPM Suite 6.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.
9d51aac2883a730212656b77c265059107cc080452c8f58055fcabe65e8f7390Red Hat Security Advisory 2017-0248-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.1 serves as a replacement for Red Hat JBoss BRMS 6.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
d1e4ce5ea0eaa0f332f13f9d1bf8bbbb135064a9a8be019689c2e44073a2e731Ubuntu Security Notice 3189-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. Qidan He discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header. A local attacker with CAP_NET_ADMIN could use this to expose sensitive information. Various other issues were also addressed.
0f3136fcfb20894c5f31c658da4570ea1617117f25f703bedd4422456e8c8b6eUbuntu Security Notice 3189-2 - USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
852d2ecf12fb5e32e229fe893e3cd546f2ac5e0aedf19d8cb685eabd45e1317eUbuntu Security Notice 3190-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM susbsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
bd67da6c07218157f0d827497e94107d511dd272fd135c5e7062763994f1a47dUbuntu Security Notice 3188-1 - Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service.
2d86a5668ca445385ed856b341052e55b2ca7a7739ca9710f3274ae11772545eUbuntu Security Notice 3188-2 - USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
d90dd1042ccad8a5d25b41985f7a8c9c0960542e13b81ad7480577fd19738c9eUbuntu Security Notice 3187-1 - Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service. It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service.
544e67175d92577d34104f1d7c597e124f390d4def78f2384361ab8c583eab43Ubuntu Security Notice 3177-2 - USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.
57a72bb771cc2225db7906a9c2ff594538c87f4e7e8aaf43d8de9b80f0774ac5Itech Multi Vendor Script version 6.49 suffers from multiple remote SQL injection vulnerabilities.
b894bf251e9277f7fe9945e846aef0cd0c4f2eeca860a4b18f67e3c9fb72e817Netwave IP camera suffers from a password disclosure vulnerability.
423b8d3c8f5472069ad1533abd2953bb63d0ac772c89b0857f70c3b4b96acd56CUPS versions prior to 2.0.3 reference count over decrement remote code execution exploit.
9952774461bb22bab55621db41a0c77cb15b0319086b5d190546e343fd847c8fThe Copenhagen CyberCrime conference has announced its call for speakers. It will take play May 24th, 2017 in Copenhagen, Denmark.
81516fb031ce3c7337839b17c7e6fede767bd88af5f8b8444b59b9495f4b315d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed