Red Hat Security Advisory 2017-3270-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.
ac092a4be485ac7d15c938e50713a1d1b80f85f242be87121a1bb281cf5c2665Red Hat Security Advisory 2017-3269-01 - The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail. Security Fix: A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail.
5622b099a9dfdea7d27cd19e91fd3673e0d1f340111ff01937ce5596b21a9dafRed Hat Security Advisory 2017-3188-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The OpenShift Container Platform 3.7 Release Notes provides information about new features, bug fixes, and known issues. This advisory contains the RPM packages for this release.
0fe9fc5b2a90021d45b19857908bc1ef158f71fdbebf89369594e79322e8773fRed Hat Security Advisory 2017-3268-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP15. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
4d3f99353fc0df0e6a3b532ab60da83e1644f085c1e6bc829589edb141973576Red Hat Security Advisory 2017-3267-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
1cbdf57cadd1e25962575914fcbe68c5198cbbf91b9a933acd1c4fc9b599ac7dUbuntu Security Notice 3496-3 - USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
25ec9bbd468ed0c82e0fe30a2b0f52afae748c6e3c5db5c64cdf86ebbf0c6b12The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
dc4fa60c53f1fc1f05479780e9ee5c0f3399b9a27a10a6faa06ea7036a46b8e0pfSense versions 2.3.1_1 and below contain a remote command execution vulnerability post authentication in the system_groupmanager.php page.
7e95005faf5bd57e5f8dd4d924787a1fff296c90c38c30c7cdaff7910db8bb51This Microsoft bulletin summary holds information regarding an update to ADV170020 and CVE-2017-11882.
8c08d2b67f5fdd5c140f53076710a906d0d8f284ac320f33f211d5650d20f612Ubuntu Security Notice 3496-2 - USN-3496-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
4a22f21aff027378e07779d79dadfe00a297d9391643a87ff58a459c0677471eUbuntu Security Notice 3496-1 - It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code.
80fb3c8c7fa006d1e08575782e3dce959bd30004b0f4f8b9f5c5278cc9fbc1e9TempestSDR is an open source tool that allows you to use any SDR that has a supporting ExtIO (such as RTL-SDR, Airspy, SDRplay, HackRF) to receive the unintentional signal radiation from a screen, and turn that signal back into a live image. This is a pre-compiled version of the project that is built to work on Windows with ExtIO interfaces.
8ba8910a4bf58caeac2cb02e3f6edbd07a32333f3304c30c83828aab87b3c55fThis project is a software toolkit for remotely eavesdropping video monitors using a Software Defined Radio (SDR) receiver. It exploits compromising emanations from cables carrying video signals. Raster video is usually transmitted one line of pixels at a time, encoded as a varying current. This generates an electromagnetic wave that can be picked up by an SDR receiver. The software maps the received field strength of a pixel to a gray-scale shade in real-time. This forms a false colour estimate of the original video signal. The toolkit uses unmodified off-the-shelf hardware which lowers the costs and increases mobility compared to existing solutions. It allows for additional post-processing which improves the signal-to-noise ratio. The attacker does not need to have prior knowledge about the target video display. All parameters such as resolution and refresh rate are estimated with the aid of the software. The software consists of a library written in C, a collection of plug-ins for various Software Define Radio (SDR) front-ends and a Java based Graphical User Interface (GUI). It is a multi-platform application, with all native libraries pre-compiled and packed into a single Java jar file. This forked variant of the original contains an updated Makefile to support Windows with ExtIO interfaces.
913741b472128ad1b2ac7ab93cbf5301bd4d26b65a78782bde70fd5f962156a4HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no WiFi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired ethernet, then the WiFi settings won't be adjusted, and a rogue AP with the SSID "davinci" can be associated to the camera to provide a new attack vector via WiFi to a wired network camera. Tested on firmware versions 5.3.0, 5.4.0, and 5.4.5 and model number DS-2CD2432F-IW.
f5308846195618c1d90deb701b32687a1044057024da5ebb8faa201a03647d06There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written to anywhere on the filesystem that the Gmail app can access.
acde40f4552aa5149be44a28077696e55fd9ef012ef17e6a02fc5ba02d2dce2c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed