Debian Linux Security Advisory 3953-1 - Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated users without a Keystone token with knowledge of trust IDs to perform unspecified authenticated actions by adding alarm actions.
b852fd7ecd286f6539eacf7df6220d7b6245d0b7ac2a1d9c823d9d20266e3fc4Red Hat Security Advisory 2017-2530-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
f5c9687c4bf79d6f277442191c422c31b1f4ffc77e93628a29f07ca77a7109d8Automated Logic WebCTRL version 6.5 suffers from an unrestricted file upload vulnerability that allows for remote code execution.
f5ec309a0e465dfbc002ea0bfd08d04c0e3c48c4ed331bc5cb59e3536bddbd2eAutomated Logic WebCTRL version 6.1 suffers from path traversal and arbitrary file write vulnerabilities.
d3b951db8409e19b78475f9fb44d79c63325ddae62a4de844e546024fb5b2b8cAutomated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability.
95c0566949ebd8616eb1141368a70cdd203cf64dc7a16064ae2eb534e123d8f5Progress Sitefinity version 9.1 suffers from cross site scripting, broken session management, and open redirection vulnerabilities.
6dba45f7f59d22b91a7da1e062d47503339c845d05f06925c38ebfe93cd3ddb8RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor (WCPP). This proxy setting may be distributed via specially crafted websites and is set without any user interaction as soon as the website is accessed. Version 2.0.15.109 is affected.
09c0e3cd68348e506a9714a171060413afaa79dbee57b201c4d67e7fd6a31b1cRedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These updates may be distributed through specially crafted websites and are processed without any user interaction as soon as the website is accessed. However, the browser must run with administrative privileges. Version 2.0.15.109 is affected.
16d24709c0cb5cba7e8f5f98b3f1f03545ac4ec24730922aafb7e643bd7c27d7RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive information and the integrity of printed documents cannot be guaranteed. Version 2.0.15.109 is affected.
d5d5ce3f3fb5bf4d769947dc95fa513fec9e066196c762f799c032bd2ce628d1WebClientPrint Processor version 2.0.15.109 suffers from a remote code execution vulnerability via print jobs.
76fbb2cc02917553f3f3564e781c290894efa3b6b06fcd52855df0eeb4b137ecBackdrop CMS versions 1.7.1 and below suffer from a persistent cross site scripting vulnerability.
3a131c576e912714853a602a6727328fd8a1c421a17ee63b991836fc04035f40Red Hat Security Advisory 2017-2524-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a later upstream version: ansible. Multiple security issues have been addressed.
33d24d0ae6ef6c520ee5abc9a80f8d042eb685f1a5d9a37ffb1c2af99bff2122Ubuntu Security Notice 3401-1 - It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code.
e2dd15b88bd511cf338df474d6659910010ee0c046f5ebf774a500cbf8251847Debian Linux Security Advisory 3951-1 - Sebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation.
f090c64e83c637a740e51341916f0499c6f32755580e47146fb7b8bf082aafbdDebian Linux Security Advisory 3950-1 - Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with craft KDC or TIFF file.
6bd640d22d0636b104d231b80f39fb8bd250f4aa1590299391ca0277bd425d7b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed