OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability.
8cb179fc0c44b36068a2fb1ea7d4c3cb44fce813eaf3de73953f10a2bfceac82IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.
185ca326d2cd94de8b1329af37794cc1820633da437111c56654fc5ab4c827e5PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.
a877061f0b6d62d2472442db37c2d5befc021bed71668051a5dc42fa2dc94d4eUbuntu Security Notice 3193-1 - It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.
c99d17b3cb1a2dada1c04033fbb63bba3e4fad5be7282f2c74817a38efe879fbRed Hat Security Advisory 2017-0256-01 - QuickStart Cloud Installer is designed to drastically simplify the deployment experience of provisioning your private cloud infrastructure by orchestrating the installation work flow across different products. Instead of installing each product separately, QCI provides an intuitive, web-based graphical user interface to provision a fully functional cloud environment based on the combination of products selected by the user. Security Fix: It was found that several password fields in QCI failed to properly mask the password while it was being entered. An attacker with physical access or the ability to view the screen would be able to see the passwords as they are being entered, allowing them to later access accounts and services protected by those passwords.
90a8655a6f83725dc40b8f9c81c27557f74ec39c5147bf98ed5b387dc003d85dHPE Security Bulletin HPESBUX03699 SSRT110304 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Services (DoS). Revision 1 of this advisory.
4974b51e04bbd38c78bbd5e625800c16ba179f3441f644b2d153bb4599487f1bQuestions and Answers Script version 2.0.0 suffers from a remote SQL injection vulnerability.
8daeb4975b605e321aca5026b011c5e55a914f85ebbc63f5891d7204628399c9Ubuntu Security Notice 3192-1 - Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
ecc79a8400c481bb6a4ba233b597c5ac2df390712e0587e5c7d78454b95f39f8Ubuntu Security Notice 3191-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
6a9ad9f78860c7c8393926f85e57df542778c6ae67a0c9dabc9778fd8af0574bRed Hat Security Advisory 2017-0252-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.
e1bad53734e5d3bf7a50e7a4efe74c3ec410e5733fd4963d1997818ac1dd059fGentoo Linux Security Advisory 201702-2 - Multiple vulnerabilities have been found in RTMPDump, the worst of which could lead to arbitrary code execution. Versions less than 2.4_p20161210 are affected.
b5c502c26bd9816c054febb41de36acc73347b846ae8d28895edc4976323c149Red Hat Security Advisory 2017-0253-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix: A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution.
3b05e371a8595c3a3a6ba71be3971ec45d371772de224a05c43bbab4abe10677Debian Linux Security Advisory 3781-1 - Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery.
8b00da1a2c1f8f08c6c0ef0212d683658eb30aa83ae3b8aad3bc0f9bb00f2844POSNIC version 1.03 suffers from a remote shell upload vulnerability.
b0659cc1ef1702e8795081214734b821aa8dc6052f86b9ec6400a8635f7f89efThe first annual Amsterdam Technical Colloquium (TC) has announced its call for speakers. It will take place in Amsterdam, Netherlands from April 25th through the 26th, 2017.
426cd8f55e9daff8e03361ab5a56838e2d6a0d251e007142000510588b5aa8eeNewsBee CMS suffers from a remote SQL injection vulnerability.
eaaba667504693eaacaa8e46f660ec88f2feee056cd07d438c745b0e34485965Teleopti WFM versions 7.1.0 and below suffer from information disclosure and access control vulnerabilities.
6df9b06f877e2194fd3f0328fcc2aa7b53ddb69793bcb8827f9d5a35176c8d68Various ZoneMinder versions suffer from authentication bypass, cross site request forgery, cross site scripting, information disclosure, and file disclosure vulnerabilities.
f68406098b52c99e74b1f00852c84f5caac953bfa36f870cdd77222ec5580f4d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed