Red Hat Security Advisory 2017-3470-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
efb4335c9408229c495f95ad12044120be9a1e15087a66ae9adce3583c29740dGentoo Linux Security Advisory 201712-1 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution. Versions less than 2.18.3 are affected.
32a6a6bff020e5e331002d89377e2a56a25905507ff282e33df24d6f1ef4e1deRed Hat Security Advisory 2017-3463-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side. It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application.
34fc4cb4409bacd861fabab79b86a4ada6ca60f08cdf7237d43f8b4401e9eae2Red Hat Security Advisory 2017-3471-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
6c949e978f3129a4fa9524d05a3e6a59fc158b36609c374f54dd21fcdd7bb992Debian Linux Security Advisory 4064-1 - Several vulnerabilities have been discovered in the chromium web browser.
7d0e4cd3d3c5dd5c3b29957e44a289f54af873db69adb1158d9dff1610da210bThis Metasploit module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server.
c78e1c6fecbebe56444e1bea5963cf977f091c6e851633f4e7b05b3de8fff37bAsterisk Project Security Advisory - If a compound RTCP packet is received containing more than one report (for example a Receiver Report and a Sender Report) the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash.
ad570e142eb4ed64ce1d02cb9f2d12edb9da7bbfbc9262b5c740e7b5ad1dc490WordPress WooPay Inicis plugin version 1.1.3 suffers from a cross site scripting vulnerability.
8f5e2628d12376dd320e1b0adaf823b98f0f5181d77ec8bcf44e0693143102d9WordPress WordApp Mobile App plugin version 2.0.3 suffers from a cross site scripting vulnerability.
3676a99218434ed451a6b893a3010c3d8dc84c177e96d5d6bfc67c5dc5a1f3e1Wordpress Qiniu Cloudtuchuang (七牛云图床) plugin version 1.8 is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
f4bd2905852b0a1b3ce77319befd9d8b6de05261e4c403b77caaa24f86ee7186Red Hat Security Advisory 2017-3458-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.1.
a6bc536fb4e9a0a5347c1f3d161bd02b0c46b316d4a5e926a1fc2455bbb97398Red Hat Security Advisory 2017-3455-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.
eb03f49d76de756a7684d3922ce2c0add51cd14586df2064a9bd1e0d59a01ffcRed Hat Security Advisory 2017-3454-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.
12cf1837656dfd68a114723efd474d6ce65db36dfdd284c5ac3bfd17e3d2b387Red Hat Security Advisory 2017-3456-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.
28a3ebd18bae2ae54a432880cb23717b5cd055b67867d19ac18aa8f011ca235dRed Hat Security Advisory 2017-3453-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
5cdbf5273d807c44144081264433f64aca62c27845caebf77dc83aeda8dbc521
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed