Red Hat Security Advisory 2017-3115-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.
c0bed40df8f1940b41e2482af7c455e5c471ee724837c44da6bf160cf08f7a3d
Red Hat Security Advisory 2017-3113-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.
e80b0fcbb38aa711afd94164c46a4d66836309940cad5bd3b018175cafbed643
Ubuntu Security Notice 3426-2 - USN-3426-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM.
bfd937d0e01692d9c76f33269e5debe131991da86cfc1bd357bfb8608560ef41
Sera version 1.2 suffers from a password disclosure that can allow for root privilege escalation.
b40c40f21695e8a70fab3e8d47b4b3d24b514004d77578dfa5b2c9d1d8dbe425
Ubuntu Security Notice 3472-1 - Marcin Noga discovered that LibreOffice incorrectly handled PPT documents. If a user were tricked into opening a specially crafted PPT document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Marcin Noga discovered that LibreOffice incorrectly handled Word documents. If a user were tricked into opening a specially crafted Word document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. Various other issues were also addressed.
3a14e514401bd5afb4da87c104e745d1ef0cdb872b922b8440bfa960ad12bece
Red Hat Security Advisory 2017-3114-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.
8f2eec1450923a924fac99bd469b6cfb955af68e4eb0c7360e7582feb701dd46
Red Hat Security Advisory 2017-3111-01 - Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille. Security Fix: Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables.
da1453cf82bc82b73c5047b5b93e098a64a25ac8e7fff1925f0e6f9ccd75c2da
Red Hat Security Advisory 2017-3110-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was discovered that the RHSA-2017:2858 erratum for Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6 did not include the documented security fixes for issues CVE-2017-12150, CVE-2017-12151, and CVE-2017-12163. This update correctly applies fixes for those issues.
f59d585eae0b525a88712aeeef4f123e614a706c68fe9fb2d6335fd98c8bb9c5
Apple Security Advisory 2017-10-31-8 - Additional information for the APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 advisory has been provided that relates to Apache and various other software.
dd6b5b4eac263ebc5404ceffc22559c55c0e9ecea353a5fb6bd44a6814913f91
Apple Security Advisory 2017-10-31-5 - Safari 11.1 is now available and addresses address bar spoofing, memory corruption, and various other vulnerabilities.
488f12cc7348edfbc2b43a70a772b34454439ef04d59c631b8e5438e04c86db0
Apple Security Advisory 2017-10-31-1 - iOS 11.1 is now available and addresses denial of service, code execution, and various other vulnerabilities.
dfa2d5d72332c1c3cd1b74e98afb886ddf907cb8d065169c43abed21bd113cbf
Vir.IT eXplorer Anti-Virus suffers from a privilege escalation vulnerability.
5758a680a8b760819f59763fee8432040b4935fce44b576cf2c24ca742ce21f7
Oracle Java SE installs a protocol handler in the registry as "HKEY_CLASSES_ROOT\jnlp\Shell\Open\Command\Default" '"C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1"'. This can allow an attacker to launch remote jnlp files with little user interaction. A malicious jnlp file containing a crafted XML XXE attack can be leveraged to disclose files, cause a denial of service or trigger SSRF. Versions v8u131 and below are affected.
95eeae9eabde4f8ff4be6539a758b833f6a5e74bc86b983863634a6eabcb0b56
Protected Links suffers from a remote SQL injection vulnerability.
2c8bf53676ab4b2a87fb26ac56939c4f30cc23b453e32d4a01c79eeebbd3e66c
AROX School ERP PHP Script suffers from a remote SQL injection vulnerability.
8702e1f94fa111809bea821a9fa79af1afe94711cdf3564fb33abc6ccc64bdc5
Newspaper Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability.
daad1593b5cd99aa32ee695deeeb7018fdaad52082a7dcfcdeb9f9bc1b419e04
Shareet Photo Sharing Social Network suffers from a remote SQL injection vulnerability.
3798aa7ec7ebe96887f284ab0a595332ae34922a919e85ede183fa3f04d9ff7a
US Zip Codes Database suffers from a remote SQL injection vulnerability.
612d21157bf2a3e87ec6b26311a4239a7d9092440b51b23cc13a9cc1526800b9
Ingenious School Management System version 2.3.0 suffers from a remote SQL injection vulnerability.
174924638cd920c5ab06d05981b32edb9fab138fa593586b3faf702939c5cb79
OctoberCMS version 1.0.426 (Build 426) suffers from a cross site request forgery vulnerability.
ccff89bd09fbd52d37f55db26fc77ecdbafe040098e2fd831759890dff129ae2
The ZyXEL PK5001Z modem has a hardcoded backdoor admin account that allows escalation to root.
ae06b605e42c5422c5b0475605eaacc869041e877d92ebe35503b4e9d2ccc096
News Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability.
ad119677bd3b5ee69ce79d90fbd3e8c8c316a1fb149edcffe67ada18179702c5
MyMagazine Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability.
c56720f80b25717116a4051a297ac468ab2ef31c7e0a7a399351a2876e677409
Creative Management System CMS Lite version 1.4 suffers from a remote SQL injection vulnerability.
2f903f5a8770d76dad24cd71420870640dffcb342d372bac4d5ba358f55abbdf
Basic B2B Script suffers from a remote SQL injection vulnerability.
78426c2adb33b82166b12881adf2029647e516522efc3ca586f6faf35170e0b7