Debian Linux Security Advisory 3917-1 - A heap-based buffer underflow flaw was discovered in catdoc, a text extractor for MS-Office files, which may lead to denial of service (application crash) or have unspecified other impact, if a specially crafted file is processed.
e18aa80fe160c85aeb41c39f7c873e510009aa5be648fa9d3b79b320e6108ea9
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.2 and -current to fix security issues.
96d35ec68c9ee27e749ff85d952f5cca158b5ea68e93bb4df1ee36d85919a2db
HPE Security Bulletin HPESBHF03745 3 - Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code. Revision 3 of this advisory.
23505b51f81192e0e759e9785464536c2a54464f9d9e61cf59d1be481622ca5c
Ubuntu Security Notice 3364-2 - USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
7ab39edea8d33fac19ee690f5410d949caf2f5e5bf4c3d8797fa3459ba097f19
Ubuntu Security Notice 3364-1 - It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture subsystem in the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
8d4d1e11cb0c3c986ec4d3a563f90d8fb81893599073f102feea772fe215fc10
Ubuntu Security Notice 3357-2 - USN-3357-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.57 in Ubuntu 12.04 ESM. Various other issues were also addressed.
0304a68c6e688014707da8b747f7f0a8129b4d77e29441a211c6400b20ba5436
Red Hat Security Advisory 2017-1798-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
d7fbdf9c2cd18bbe7d153272c9cd6d59b1ed37ac316ab5f8b1c93111f6d3d2d3
Ubuntu Security Notice 3353-4 - USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. Various other issues were also addressed.
7c09a6af549fe30854b045c32074e166bbbf5c708363f2e4c5748923ff9b2cbc
Ubuntu Security Notice 3362-1 - It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator. It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. Various other issues were also addressed.
56b068bc59fd1a458b3be77ea77eeae726c0089dc065eed37fd85b7b8f25855e
Ubuntu Security Notice 3363-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
0d473eb083bcd86c94caf39c0fb9c06426aef9aa6f82ebc89985e654cd408cb1
Ubuntu Security Notice 3353-3 - USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Ubuntu 12.04 ESM.
3dde3ad1d2e695ae1308459430ccfaa414e1c07743a075e784a97bebaa8f329a
MAWK versions 1.3.3-17 and below are susceptible to a stack-based buffer overflow vulnerability.
8ae22f24c6687d7f34733d9e6e83cb7ac1404a6bfaedd4166e57d39f5962fe1d
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Affected versions include build 2032 and 2.0.625.
73f166953c9826d6cb5ced2e73d23f83f1666942751bbe3a859d6bd211d10a9a
This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.
890ea76a03a7ffc9458899b7ae1381272680a62d4a6c1693ff6dec23f6adde77
RedTeam Pentesting discovered a cross site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Affected versions include build 2032 and 2.0.625.
24d8f1cffd703098f7bc99803e67978d1404d5582276c79f31555172622b593b
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files from the affected system with root permissions. Affected versions include build 2032 and 2.0.625.
4b2a83e33f783d6780df2b94816103795f01791ce55f04a8febcf31ae4a50c00
RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Affected versions include build 2032 and 2.0.625.
c1999c59bf1a49e27b345dcd1c7259a0a82d09f67464808f16ff746ad4c41449
PaulShop suffers from cross site scripting and remote SQL injection vulnerabilities.
7c3af021c23b188fe48f320ae94baafff3bb919f1fe1a6986ef714449c4046f4
Microsoft Internet Explorer mshtml.dll remote code execution exploit that leverages the issue noted in MS17-007.
849f2394e75f12bb7326f5a6a2dac97c8926f31c414519308124090678a4e556