Ubuntu Security Notice 3350-1 - Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000 images. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service. Various other issues were also addressed.
52d790ac54064768358ec37b1553501b9e555e8c4d911d7636cbcb7a25c1132c
Yaws version 1.91 suffers from an unauthenticated remote file disclosure vulnerability.
75629368ff456f6677d01b2c26f455cf606a3403736db99f79919f9e33af3230
Firefox version 54.0.1 suffers from a denial of service vulnerability.
3644ea8959431b6023ecedbd76add9ecd1247d5501ecede377afba4f441df58e
Apache Solr uses a PKI-based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in the cluster into believing that the malicious node is a member of the cluster. Solr servers are therefore vulnerable to this attack if the BasicAuth authentication mechanism is enabled using the BasicAuthPlugin, or if a custom Authentication plugin is in use that does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin". Users who only use SSL without basic authentication or those who use Kerberos are not affected. Versions 5.3 through 5.5.4 and 6.0 through 6.5.1 are affected.
6c61f7b4afc578465540747541333350b5a441f277a267e49bdeb7f8ff5ec221
Microsoft Office 365 Enterprise E3 suffers from an insufficient session expiration vulnerability.
71b7c538dc235667bda1e21c050149a2a4aa82d2b550a41e97c9f1758d8d7dbf
EMC ESRS Policy Manager is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Versions prior to 6.8 are affected.
a87cd48c69fcdf45011328a78ebafc29111d5605f8614d3c1dc95fcd245c5db9
EMC Data Protection Advisor versions prior to 6.4 suffer from remote SQL injection and path traversal vulnerabilities.
05cb312b3d51461c4a374866f6a1305114602a8066f88e5c75ce51159ee2643d
SolarWinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.
db2280c889805e3b1cc8bca7d28bca9faff15b7e7003176695d43071203d731f
Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.
b5f3e2e56c5e431a0f7904096cd26eb5b819f5e04765f0ca18b7e34eeb0f1740
Microsoft .NET suffers from a privilege escalation vulnerability.
156ffe5f8f2e0bd1e5ac5eda8e6abbdda326e4a2e4b7bd5843f3169e215c36ca