Red Hat Security Advisory 2018-0296-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.4 serves as a replacement for Red Hat JBoss Data Virtualization 6.3.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
909456f2be517d3304345be770455bd334dcc4e6a487e1d12447841d1ee55bce
Debian Linux Security Advisory 4111-2 - Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.
d2adb550f067e2edb76fce3aa20fd6c76d87d59c6385b5ad1948e55508ed501b
Ubuntu Security Notice 3568-1 - Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
85a3ebe5c233f84d7efdbe94a831b0b2e8ab84740324ddf683d38e1f8068dc02
HPE Security Bulletin HPESBHF03819 1 - HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM versions 6.3.0-00 to 8.5.2-00. Revision 1 of this advisory.
35412125b1056d70fc173b7471d15999f77adad0b6754e06982fde2be9037cc2
Red Hat Security Advisory 2018-0294-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.2 serves as a replacement for Red Hat JBoss Data Grid 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A deserialization flaw was discovered in jackson-databind that could allow an unauthenticated user to execute code by sending maliciously crafted input to the readValue method of the ObjectMapper.
f2c0ba8fb22651464db4fbf62c82d8cd5f89c3ba24bbae2bbea751eb86fcd9ae
Ubuntu Security Notice 3567-1 - It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code.
9434dc6d9c56d9942b10646124862d1540e85a682ffac1a663d97c167652188b
Ubuntu Security Notice 3566-1 - It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting attacks. It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
3adcbbffd16eff5d2ca7db2a1a78133bcd14add6d43c9adf00bb524218d2aef4
CloudMe Sync versions 1.10.9 and below suffer from an unauthenticated remote buffer overflow vulnerability.
307a174d4e2ca11e05d03cb3342637326e0256f73524c109407bcf4616f06332
LogicalDOC Enterprise version 7.7.4 suffers from a post-authentication command execution vulnerability via binary path manipulation.
3b03afdfaa77fee2d69c4848111c8815b8b03aee1e29ac73c8fe9f2fda0e9e18
LogicalDOC Enterprise version 7.7.4 suffers from a username enumeration weakness.
3341c6779b81ffecf5473a04978fa7c12903c213c570b25e23f72268fefccb43
LogicalDOC Enterprise version 7.7.4 suffers from directory traversal vulnerabilities.
508c6f5721028eadfaa7ac845fbf4adcff64d55e84ecf6e72abdcf804aeaf570
LogicalDOC Enterprise version 7.7.4 suffers from reflected cross-site scripting vulnerabilities.
8bf528995af19cea1bc75484ef4b44a00f1f023281194fde4e256b56cfd94f21
Ubuntu Security Notice 3565-1 - Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.
af6290b7d81b5f37c8718f3ea211ac9f5fe0e3ba2706920599cde51286c5524b
Gentoo Linux Security Advisory 201802-1 - Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox. Versions prior to 5.1.32 are affected.
3eff27ee3cb3fac8ed2fbe42a43b2e137e3f1e761b264492611f01f3ae88462a
Whitepaper called TCP Starvation. It discusses a new variant of a denial of service attack.
0353ba67461158e572c7a028373eee036d6bd86a09387a03ac20ae202c31dd03
Ciesto Solutions ERP System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
46cc8f0a5502245c50fc47f466d15fa69244c93103ee459775af3a90f92ff478
Advantech WebAccess Node version 8.3.0 suffers from a DLL hijacking vulnerability in AspVBObj.dll that allows code execution.
f23fb09d3ddbd27b28a36a2345a48287617cdb0794f4b2379069d512284d3b79