SlimarUSER Management version 1.0 suffers from a remote SQL injection vulnerability.
2bec07fb52df7d10da97a4351f54a57c0ba6975f4a18e6dd9aab8b86b68a133a
Red Hat Security Advisory 2017-0250-01 - The jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.12. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
6d46c7993d4b72d6357975682bceafd58c2ddeb3b0052ded0a7ba19dd6ed624f
Red Hat Security Advisory 2017-0244-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
7cde72c7b38ffd626b749a5c8ce756bb67ab67324138e797aa214bf9745b3e04
Red Hat Security Advisory 2017-0245-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
6ddb91c98ce43b9ca6121e31a310a74f7b6d054aa1cd611d9d1afbcfc85d4d97
Red Hat Security Advisory 2017-0247-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
bc217e17297df960be2b6d4db841ade55294aa7a5a2a05ee5211270f502537fe
Red Hat Security Advisory 2017-0246-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
3c07dd40714955d355bb85794292fb5fe8501c325022200a66ec0006227929d7
Red Hat Security Advisory 2017-0249-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.1 serves as a replacement for Red Hat JBoss BPM Suite 6.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.
9d51aac2883a730212656b77c265059107cc080452c8f58055fcabe65e8f7390
Red Hat Security Advisory 2017-0248-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.1 serves as a replacement for Red Hat JBoss BRMS 6.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
d1e4ce5ea0eaa0f332f13f9d1bf8bbbb135064a9a8be019689c2e44073a2e731
Ubuntu Security Notice 3189-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. Qidan He discovered that the ICMP implementation in the Linux kernel did not properly check the size of an ICMP header. A local attacker with CAP_NET_ADMIN could use this to expose sensitive information. Various other issues were also addressed.
0f3136fcfb20894c5f31c658da4570ea1617117f25f703bedd4422456e8c8b6e
Ubuntu Security Notice 3189-2 - USN-3189-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
852d2ecf12fb5e32e229fe893e3cd546f2ac5e0aedf19d8cb685eabd45e1317e
Ubuntu Security Notice 3190-1 - Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free existed in the KVM subsystem of the Linux kernel when creating devices. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
bd67da6c07218157f0d827497e94107d511dd272fd135c5e7062763994f1a47d
Ubuntu Security Notice 3188-1 - Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service.
2d86a5668ca445385ed856b341052e55b2ca7a7739ca9710f3274ae11772545e
Ubuntu Security Notice 3188-2 - USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service. Various other issues were also addressed.
d90dd1042ccad8a5d25b41985f7a8c9c0960542e13b81ad7480577fd19738c9e
Ubuntu Security Notice 3187-1 - Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service. It was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service.
544e67175d92577d34104f1d7c597e124f390d4def78f2384361ab8c583eab43
Ubuntu Security Notice 3177-2 - USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.
57a72bb771cc2225db7906a9c2ff594538c87f4e7e8aaf43d8de9b80f0774ac5
Itech Multi Vendor Script version 6.49 suffers from multiple remote SQL injection vulnerabilities.
b894bf251e9277f7fe9945e846aef0cd0c4f2eeca860a4b18f67e3c9fb72e817
Netwave IP camera suffers from a password disclosure vulnerability.
423b8d3c8f5472069ad1533abd2953bb63d0ac772c89b0857f70c3b4b96acd56
CUPS versions prior to 2.0.3 reference count over decrement remote code execution exploit.
9952774461bb22bab55621db41a0c77cb15b0319086b5d190546e343fd847c8f
The Copenhagen CyberCrime conference has announced its call for speakers. It will take place May 24th, 2017 in Copenhagen, Denmark.
81516fb031ce3c7337839b17c7e6fede767bd88af5f8b8444b59b9495f4b315d