The Trend Micro Enterprise Mobile Security android application suffers from a man-in-the-middle SSL certificate vulnerability.
3be0a3916b23746808c0c776f1e66acee4ee7df205c6f4e4557903bacd4c08ebHPE Security Bulletin HPESBHF03723 1 - A potential security vulnerability has been identified in HPE Aruba ClearPass Policy Manager. The vulnerability could be remotely exploited to allow execution of code. **Note:** The ClearPass Policy Manager administrative Web interface is affected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT impacted. Revision 1 of this advisory.
d6e597c7bb73b8b7ba06f660e94513f08f799d97c77d1c9cf31cc41c314e3fa6HPE Security Bulletin HPESBUX03725 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache on HP-UX 11iv3. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects. Revision 1 of this advisory.
5df1b537a3a2899886f0263d940c4193b758bfc583dd96021c5e940a90f029a8Ubuntu Security Notice 3251-2 - USN-3251-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
b1d487963e5c52b099632d8ab214ebd2e907b74a6c379f725d804c0da4616fcbUbuntu Security Notice 3251-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
1ca3a3e8ffe4e088904c9f1b8447dbb3bf2c0b1d8c96424615dc666524cfd330Ubuntu Security Notice 3250-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
e0d47a21fe1bda95bc4b052c9f7665e52054b71dab369a17a44a17c1ebde95d4Ubuntu Security Notice 3250-2 - USN-3250-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
b422cb5aab80fdbf0c348767b7d781f06b31e9fe1bd2d4d06b44326a9ad12b40Ubuntu Security Notice 3249-2 - USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
460470cda31135e28bf5e1bede438fdd331eba3492c08a19c3210a779e90f05aUbuntu Security Notice 3248-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
b2af43e9ee4661670491287b35ae5b6204a60fd2e6cb9ae3dbee38243de221bdUbuntu Security Notice 3249-1 - It was discovered that the xfrm framework for transforming packets in the Linux kernel did not properly validate data received from user space. A local attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges.
8e6a027bf065ecdae1744051be9c1eeb8feffddb13c1d70f176316aecc5f924cUbuntu Security Notice 3236-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, spoof application UI by causing the security status API or webview URL to indicate the wrong values, bypass security restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
7069b55c974764404a6bd3c1a7386f8efd74a673a5217b50585d13825906a1ffDebian Linux Security Advisory 3824-1 - George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users to execute arbitrary code on the firebird server.
77569fa3e3fe5a77943c7cab473511a3a5e942a79f3b4057eec65f15d8cdbc0eDebian Linux Security Advisory 3798-2 - DSA-3798-1 for tnef introduced a regression that caused crashes on some attachments.
91907dc419eacbfe525acaae6b9baccfc9233d9873b50246b5cf24e06fb463deRed Hat Security Advisory 2017-0847-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server.
974b5fabd635b171138950d3c4169a2374eec8a7fa006d510de7b420497dd80fSlackware Security Advisory - New mariadb packages are available for Slackware 14.2 and -current to fix security issues.
d28bdd977d39f007c77399f719272fae2c4233f4574b5f1bad80d829ac511400Amazon S3 suffers from an open redirection vulnerability.
cc5afbb9a4b12138b7c5db47bdc0b8bb94e014dae51869e09b079aaf22a799b5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed