The Trend Micro Enterprise Mobile Security android application suffers from a man-in-the-middle SSL certificate vulnerability.
3be0a3916b23746808c0c776f1e66acee4ee7df205c6f4e4557903bacd4c08eb
HPE Security Bulletin HPESBHF03723 1 - A potential security vulnerability has been identified in HPE Aruba ClearPass Policy Manager. The vulnerability could be remotely exploited to allow execution of code. **Note:** The ClearPass Policy Manager administrative Web interface is affected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT impacted. Revision 1 of this advisory.
d6e597c7bb73b8b7ba06f660e94513f08f799d97c77d1c9cf31cc41c314e3fa6
HPE Security Bulletin HPESBUX03725 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.
5df1b537a3a2899886f0263d940c4193b758bfc583dd96021c5e940a90f029a8
Ubuntu Security Notice 3251-2 - USN-3251-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
b1d487963e5c52b099632d8ab214ebd2e907b74a6c379f725d804c0da4616fcb
Ubuntu Security Notice 3251-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
1ca3a3e8ffe4e088904c9f1b8447dbb3bf2c0b1d8c96424615dc666524cfd330
Ubuntu Security Notice 3250-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
e0d47a21fe1bda95bc4b052c9f7665e52054b71dab369a17a44a17c1ebde95d4
Ubuntu Security Notice 3250-2 - USN-3250-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
b422cb5aab80fdbf0c348767b7d781f06b31e9fe1bd2d4d06b44326a9ad12b40
Ubuntu Security Notice 3249-2 - USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
460470cda31135e28bf5e1bede438fdd331eba3492c08a19c3210a779e90f05a
Ubuntu Security Notice 3248-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
b2af43e9ee4661670491287b35ae5b6204a60fd2e6cb9ae3dbee38243de221bd
Ubuntu Security Notice 3249-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
8e6a027bf065ecdae1744051be9c1eeb8feffddb13c1d70f176316aecc5f924c
Ubuntu Security Notice 3236-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
7069b55c974764404a6bd3c1a7386f8efd74a673a5217b50585d13825906a1ff
Debian Linux Security Advisory 3824-1 - George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users to execute arbitrary code on the firebird server.
77569fa3e3fe5a77943c7cab473511a3a5e942a79f3b4057eec65f15d8cdbc0e
Debian Linux Security Advisory 3798-2 - DSA-3798-1 for tnef introduced a regression that caused crashes on some attachments.
91907dc419eacbfe525acaae6b9baccfc9233d9873b50246b5cf24e06fb463de
Red Hat Security Advisory 2017-0847-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server.
974b5fabd635b171138950d3c4169a2374eec8a7fa006d510de7b420497dd80f
Slackware Security Advisory - New mariadb packages are available for Slackware 14.2 and -current to fix security issues.
d28bdd977d39f007c77399f719272fae2c4233f4574b5f1bad80d829ac511400
Amazon S3 suffers from an open redirection vulnerability.
cc5afbb9a4b12138b7c5db47bdc0b8bb94e014dae51869e09b079aaf22a799b5
EMC Isilon OneFS versions 7.1.0 through 7.1.1.10, 7.2.0 through 7.2.1.3, and 8.0.0 through 8.0.0.1 suffer from a path traversal vulnerability.
e19aca5b754771c11a24391d2108333efd59db0c26f9b6719e2dd9b3d446f54c
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
c60b5a14421f20d997492599b2a550ece3abc6760ea94785b093769ac8c5b272
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
748845b6c31f8c95295db678c0d4310f7e7ca8a444f9f4f2835073ad72a63d37
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
6be0dcb0e3c66c76266944b1c5b6f1d8ba617dc1ce89b8d278f4e1f990a6f70a
Pixie version 1.0.4 suffers from a cross site scripting vulnerability.
1bfb97f0b476e0247458cce92c0e867e76225fb7c98585669be0eec4d91c07f8
MacOS/iOS suffer from an issue where mach_msg does not copy memory in a certain case.
311975d6c6410fc74e8c9b4e249484bd7519ec1515eba64cd53af81d9d333a20
Microsoft Visual Basic for Applications versions 6.5 through 7.1 suffer from a malicious hidden module issue.
1b1fb21479c9efc8470b2ac366523aa69e0f3f5599cec5c5c3acb8af5ef31702
Samsumg suffers from an RKP kernel protection bypass via lack of MSR trapping on Qualcomm devices.
0dbe80fe47e0d163198f99af0f2dd6414287047cc82447e99da5cf0bff3da457
Safari performs an out-of-bounds read when calling the bound function.
c34419dbfdc88927512ecd0928e9ba0ad20ee01eb077380d69ea9fd9a6bd1bc8