WordPress Podlove Podcast Publisher plugin versions 2.5.3 and below suffer from a remote SQL injection vulnerability.
dc7e4831715fbb93ca6ee18c38fa2fb87560853f28673c4b78848d8a2c9b707eWordPress PressForward plugin versions 4.3.0 and below suffer from a cross site scripting vulnerability.
9149d5fd6fd493f3e94be2c3cc8a6fe5c63013bed56d64669eb18d0a79c6e30bWordPress Easy Modal plugin versions 2.0.17 and below suffer multiple remote SQL injection vulnerabilities.
531b64bb4ea2633f1109cd2e973907718935841b00e20a5924166294adf23b0dRed Hat Security Advisory 2017-2429-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
35f09b561cc3a73c346f0cf027292fad0f419e997312ef76f43aa53292831960Ubuntu Security Notice 3381-2 - USN-3381-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information. Various other issues were also addressed.
489b6e193ebc3ef47b3f2c9c6ca9f481dfc633a32d41a0677dabd8b8895df88dUbuntu Security Notice 3381-1 - Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information. It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. Various other issues were also addressed.
c59a0e7f3fcafa98c5a9b1e95b8d8c5172f2b12fde13c8be4473a277582b448eUbuntu Security Notice 3380-1 - It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
21a7bcf6ea1779f95874edb4e02a17ae58572f33f2ab7e0cfa75d484d24397f2Red Hat Security Advisory 2017-2428-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
b24276eaab78eefda1c8a01d0de84da7f77925100ae63c535bc7aa1c40f37577Debian Linux Security Advisory 3927-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
9f9c5bb5b6146a8be5b426602758bdbc89de02e6443b2d13e49692986ac5645eRed Hat Security Advisory 2017-2423-01 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
84382255e826dea01a925431a5a2c76c94c7e4af2c60c0fdce397f830546649aRed Hat Security Advisory 2017-2425-01 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.
ca8ad47d3f723a61273cac1700b53c8711537097c80d0745760b2136039712beUbuntu Security Notice 3379-1 - It was discovered that Shotwell is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission.
4fb37cfe2d2d21f94a8c8c8411163380d8b6a86ca72a5b7c899747bc6b5cd93dRed Hat Security Advisory 2017-2424-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.
324dc935f9f63578837b9393e96e87eaa7c0668e94af4e508c55421246d2aa72Ubuntu Security Notice 3339-2 - USN-3339-1 fixed several issues in OpenVPN. This update provides the corresponding update for Ubuntu 12.04 ESM. A Guido Vranken discovered that OpenVPN incorrectly handled an HTTP A proxy with NTLM authentication. A remote attacker could use this issue A to cause OpenVPN clients to crash, resulting in a denial of service, A or possibly expose sensitive memory contents. Various other issues were also addressed.
641ac152ac3ba505d9a7362ea8e3560555245dddfbb68bb739fa139421132dbfUbuntu Security Notice 3212-4 - USN-3212-1 fixed several issues in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM. Mei Wang discovered a multiple integer overflows in LibTIFF which allows remote attackers to cause a denial of service or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. It was discovered that LibTIFF is vulnerable to a heap buffer overflow in the resulting in DoS or code execution via a crafted BitsPerSample value. Various other issues were also addressed.
625841e6e136c10df9842e2ab1d565a61bef90e5e8d2f253eb6dd50f01f6ddc9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed