Red Hat Security Advisory 2017-3190-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of the Jackson core streaming API. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
0f66526d3adb74611a2e167794e574844c5c9f442aa93edb3aac396a40765ffe
Gentoo Linux Security Advisory 201711-12 - Multiple vulnerabilities have been found in eGroupWare, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.8.004.20120613 are affected.
37744d37c65dfee73209d39dfc358adb6757ead24256f4aed09c5774cf263a63
Gentoo Linux Security Advisory 201711-11 - A vulnerability was discovered in VDE which may allow local users to gain root privileges. Versions less than 2.3.2-r4 are affected.
d88345e855901432fe4a05639b963c71bbc0ffb8bbe1372674f0dbfa0a3b76fe
Red Hat Security Advisory 2017-3193-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server.
c37bc00995e2ba215279de8aa06d048a284c1c0b8b6c3f26763b2c0337a767e7
Red Hat Security Advisory 2017-3189-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of the Jackson core streaming API. Security Fix: A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
d827bd4f9f80195a614a921ac149b33e2a8efccbd3a08e8611dd7843b70ce7a3
WordPress Boozang plugin version 1.0.0 suffers from a cross site scripting vulnerability.
d5be64f855e3c6ed0e85994ffb5bd8bedfd5ede52a0209835fbca7a660bd2e2f
WordPress Cartogiraffe Map version 1.0 suffers from a persistent cross site scripting vulnerability.
873fe871e50fef95299934e75557c04db1b7cffd7587f4fe644f609828a82a8b
WordPress Appointments plugin version 2.2.2.2 suffers from a persistent cross site scripting vulnerability.
bd41bd6dcc873587a933738767ec2b11fe3a0b55eba9b913f34f1df3f495c5e0
Xlight FTP Server version 3.8.8.5 buffer overflow proof of concept exploit.
f79376c04b96ef64d71e45013448a23b12819e7f6618b4725d4b9f4c36e4b647
KirbyCMS versions prior to 2.5.7 suffer from a persistent cross site scripting vulnerability.
d4d79980910ad0c31e43a8388ef7879847d00922be17baf0b629c29e67726059
Gentoo Linux Security Advisory 201711-10 - Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.1.20:1.1.20 are affected.
97704550c4ba8ab019b2d037f4857d6a56a9554e0fa2a554f38dfe3205a6fc63
Gentoo Linux Security Advisory 201711-9 - A vulnerability in LXC may lead to an unauthorized security bypass. Versions less than 2.0.7 are affected.
ed3a5291fafca8e6edf35b3f06d5ab7aefc6d5c9618d7a7d2921ee767d1cb618
Monstra CMS version 3.0.4 suffers from a cross site scripting vulnerability.
f22808a7c03e2fca3e2c17ccf6f519d0dfec2e1cc3cf90e6b4303b832dd1c96c
IKARUS AntiVirus version 2.16.7 suffers from an ntguard_x64 privilege escalation vulnerability.
7ff29cd9d3e648a1a4604d7d8610cc7d6c72e7b699b66509e885061371ea8efe
Web Viewer version 1.0.0.193 on Samsung SRN-1670D suffers from an unrestricted file upload vulnerability.
885ec7ceed2d053ced5d897f78056b1ccabe528cc26c52c64e50782a1b9d9921