Debian Linux Security Advisory 4131-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
9a6075fe7c2d434a17a673f5b2435797
Debian Linux Security Advisory 4120-2 - The security update announced as DSA-4120-1 caused regressions on the powerpc kernel architecture (random programs segfault, data corruption). Updated packages are now available to correct this issue.
0a50f2ddedcd136115af3db08ad9e09a
Debian Linux Security Advisory 4130-1 - Several vulnerabilities have been discovered in the Dovecot email server.
ff5358c46cf0f32f866398aa80f7ae8f
OWASP JoomScan is an open source project for detecting Joomla CMS vulnerabilities. It is written in Perl.
7e5b960ec4f8e2fef8be1674212bf52e
Debian Linux Security Advisory 4129-1 - Multiple heap buffer over-reads were discovered in freexl, a library to read Microsoft Excel spreadsheets, which could result in denial of service.
506470e2adefab1575d5da7c329c33f2
Debian Linux Security Advisory 4128-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.
9f749e62dd2b900735379f6dff507029
Ubuntu Security Notice 3588-1 - Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service. It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service attack.
d801359fde7a431a2661008a3f1439a6
Ubuntu Security Notice 3587-1 - It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Dovecot incorrectly handled TLS SNI config lookups. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.
d950c50445bd3f0c41053e96a325ea91
Ubuntu Security Notice 3575-2 - USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered that QEMU incorrectly handled guest RAM. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
8897bd653068b95fd874eb483496b3a5
Chrome V8 JIT suffers from a type confusion vulnerability in GetSpecializationContext.
c1e3d25702ab92ccc6b9e4fa26a23ca8
Chrome V8 JIT JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null".
96db4756a94460953b8651efe3b9243c
Chrome V8 has an empty BytecodeJumpTable that may lead to an out-of-bounds read.
3ec3eecf67ab73ca7415c975c50dffbb
Chrome V8 JIT suffers from a simplified-lowering IrOpcode::kStoreField, IrOpcode::kStoreElement optimization bug.
cf482c8ffa69e71cd5fd8a7fedeea173
Softros Network Time System Server version 2.3.4 suffers from a denial of service vulnerability.
8399908f436c56ef779abd559a2fef0a
CloudMe Sync version 1.9.2 remote buffer overflow exploit. Tested on Windows 7 32-bit SP1.
0aad6d2a48bef8836345a0cdb5dad99c