Debian Linux Security Advisory 4039-1 - Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.
e013e1cc9b769a5ff67039bf6c4a2bb9bcad2f624a60e4f9b66102f6842650c3
HPE Security Bulletin HPESBMU03794 1 - Security vulnerabilities have been identified in HPE Insight Control that could be exploited remotely. Revision 1 of this advisory.
02b1ee186e8ae5b533667437df51c5aece3e083cb6d07af4e217f0507e87d313
HPE Security Bulletin HPESBMU03795 1 - Security vulnerabilities have been identified in HPE Matrix Operating Environment (MOE) on Windows. The vulnerabilities could be exploited remotely resulting in Unauthenticated Disclosure of Information and indirect vulnerabilities. Revision 1 of this advisory.
c4842032ed3ca83e50e22618f2adb360877f5bd6109ce3b358d4c27d49f5870c
Debian Linux Security Advisory 4037-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: a set of classes was identified as unsafe for deserialization.
7a455ad321d90ebf5a8b6b75cdee7ba7bb19d9827d306543a7dfceb8fee01eac
FreeBSD Security Advisory - The kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. Some bytes from the kernel stack can be observed in userspace.
4747ef53ae3d01cfbdb74523b4c0142847012112af85ec44a34e4e3530f2ba3b
FreeBSD Security Advisory - Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. A malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.
f573e47d312f137d9ed081a3149506ed860e451e5a090be1013a7bc8d5badb5e
Debian Linux Security Advisory 4036-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work.
92051c71c5e7f3b02542f455970863face0fe5ba0e836ff5631021494f14badc
Debian Linux Security Advisory 4035-1 - Several security issues have been found in the Mozilla Firefox web browser. Implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.
1acda4f902a26eda78668456bf7fdcdef130e7ff2ba1aa57be0f39a6e75d307d
HPE Security Bulletin HPESBHF03705 4 - A potential security vulnerability has been identified in HPE iLO 4, 3, 2 and Moonshot RCA. The vulnerability could be exploited remotely to allow disclosure of information. Revision 4 of this advisory.
9cde426e10c4e05d876ecfbb00edb8ff683793406910e0c6dc0fdc048127bb2d
D-Link DIR605L versions 2.08 and below suffer from a denial of service vulnerability via a simple HTTP GET.
5e2db716ffb704216a68d8836c2e2f0029bc36eef29b0931c8dc4c36e24af98b
Microsoft Edge Chakra suffers from a JIT issue where bailouts must be generated for OP_Memset.
813f916e60e3c818e09d0aa0e00886f53566a473ca6fc2113ff8368a345fb8a3
Microsoft Edge Chakra suffers from a JIT-related incorrect integer overflow check in Lowerer::LowerBoundCheck.
e4b35e91b6f40a067301e0b8e804b7a217babf9712c7528d497a6c100e94631c
Microsoft Edge Chakra suffers from a JIT-related type confusion vulnerability with switch statements.
ca3df13fbd157d87f293cdb6967b460b973c034f3fae68595d56e4b1786c606f
Microsoft Edge suffers from a memory corruption vulnerability in Object.setPrototypeOf.
ce996aa3102a5844deb5a4ab534f854386a6e434cf3673fd468e8d74d57de3d2
Ubuntu Security Notice 3480-1 - Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. Various other issues were also addressed.
09137c1fbaf7e18961d69b5a64675bac70595a32d5682ca8359c67c1190ed506