Ubuntu Security Notice 3350-1 - Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. Various other issues were also addressed.
52d790ac54064768358ec37b1553501b9e555e8c4d911d7636cbcb7a25c1132cYaws version 1.91 suffers from an unauthenticated remote file disclosure vulnerability.
75629368ff456f6677d01b2c26f455cf606a3403736db99f79919f9e33af3230Firefox version 54.0.1 suffers from a denial of service vulnerability.
3644ea8959431b6023ecedbd76add9ecd1247d5501ecede377afba4f441df58eApache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected. Versions 5.3 through 5.5.4 and 6.0 through 6.5.1 are affected.
6c61f7b4afc578465540747541333350b5a441f277a267e49bdeb7f8ff5ec221Microsoft Office 365 Enterprise E3 suffers from an insufficient session expiration vulnerability.
71b7c538dc235667bda1e21c050149a2a4aa82d2b550a41e97c9f1758d8d7dbfEMC ESRS Policy Manager is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Versions prior to 6.8 are affected.
a87cd48c69fcdf45011328a78ebafc29111d5605f8614d3c1dc95fcd245c5db9EMC Data Protection Advisor versions prior to 6.4 suffer from remote SQL injection and path traversal vulnerabilities.
05cb312b3d51461c4a374866f6a1305114602a8066f88e5c75ce51159ee2643dSolarwinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.
db2280c889805e3b1cc8bca7d28bca9faff15b7e7003176695d43071203d731fBarracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.
b5f3e2e56c5e431a0f7904096cd26eb5b819f5e04765f0ca18b7e34eeb0f1740Microsoft .NET suffers from a privilege escalation vulnerability.
156ffe5f8f2e0bd1e5ac5eda8e6abbdda326e4a2e4b7bd5843f3169e215c36ca
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed