Debian Linux Security Advisory 3856-1 - Two vulnerabilities have been discovered in the web interface of the Deluge BitTorrent client (directory traversal and cross-site request forgery).
ffd4b2a7a8f00187b94f35a5055d76e483f4645d61a3bcd2ed54463b4ab27be8HPE Security Bulletin HPESBGN03748 1 - A potential security vulnerability has been identified in HPE Cloud Optimizer. The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
7483e63110b0bf1c8c541a2f924bb2bf09ca0c60d99d6ea43f0e7571351d4d97Ceragon FibeAir IP-10 versions 7.2.0 and below suffer from a hidden user backdoor vulnerability.
19d0253d67bfd5628b69787c405f7a3c2992c6236010db3ca5711b8a3408d169Western Digital TV Media Player version 1.03.07 suffers from file upload, local file inclusion, cross site request forgery, private key issue, remote SQL injection, and other vulnerabilities.
385687d49d2c40482bc4095866410a41b9a17b1428c065bcb0a4be85c09e9a45Red Hat Security Advisory 2017-1256-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
66a0b9ebd91f3d58b18c164ce18f959b822d47b029a739de04202319a8322641Red Hat Security Advisory 2017-1253-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
5a4ec3b1227c9241673259dff46a3a8629ad441ccc88aaeb18290d488426c5d1Red Hat Security Advisory 2017-1259-01 - Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fix: It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
42ce9b171df841e7dba3df7165abf9639f62c061e6efdad41a6d0829ddcebc04Ubuntu Security Notice 3275-3 - USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.
b6267488b59a31e9e6e0acbee223e59d7a111c146fc457952a554fc22c390435Ubuntu Security Notice 3295-1 - It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
b62194c8b668f64ae29e7257348391b5c012a8addd0decc9b4f7c298876675a3Red Hat Security Advisory 2017-1255-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
908877da3f1cfc9dfca69965316818a94445a7d83eafed2908514e284a7b6ae4Red Hat Security Advisory 2017-1260-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.15. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
f8dede59460b3e91131da210ce201d95cfb51359708c5aedfa61beace085aa8cRed Hat Security Advisory 2017-1254-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
4a6d3b6826b17d73c6e89756d374ffc7b8d743c626ed1841cace3e0cb5b75665Kodak InSite versions 6.5. through 8.0 suffer from a cross site scripting vulnerability.
edfdb5072d2100ae5816327aa1047bf156b40a14eb41a16b1e0dfe93a6055864Nixauditor is a script to audit linux and unix distributions based mainly on the CIS standards and universal linux hardening guidelines.
c895b4f499689b377e4a2360b02832996b972639b6e2ed8b1a1c145eefa9cfa1WhatsApp Messenger for Android does not delete sent and received files from the SD card on the device when chats are cleared, deleted or the application is uninstalled from the device. Additionally, the application stores sent and received files in the SD card without encryption where they are accessible to any applications with storage permissions.
33e5802bd2f7506103d2ccc503733ef058009d057af1f25c56e0615d0d99772fBelden GarrettCom 6K and 10KT series suffer from suffers from buffer overflow, authentication bypass, information disclosure, and other vulnerabilities.
49d1717295169be58fe33b4c7d8306f29f0d9e8f045dbaf9cda485d36d3f2e48
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed