RSA Adaptive Authentication (On-Premise) contains a fix for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
EMC Isilon OneFS is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.
WordPress User Access Manager plugin versions 1.2.14 and below suffer from a cross site scripting vulnerability.
WordPress Tracking Code Manager plugin versions 1.11.1 and below suffer from cross site scripting and denial of service vulnerabilities.
Ubuntu Security Notice 3260-2 - USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the address bar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. Various other issues were also addressed.
Red Hat Security Advisory 2017-1228-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 58.0.3029.96. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
Ubuntu Security Notice 3275-1 - It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. It was discovered that an untrusted library search path flaw existed in the Java Cryptography Extension component of OpenJDK. A local attacker could possibly use this to gain the privileges of a Java application. Various other issues were also addressed.
Ubuntu Security Notice 3284-1 - It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service. It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service. Various other issues were also addressed.
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.
QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.
Gongwalker API Manager version 1.1 suffers from cross site request forgery vulnerabilities.
Gongwalker API Manager version 1.1 suffers from a remote blind SQL injection vulnerability.
BanManager WebUI version 1.5.8 suffers from PHP code injection and cross site scripting vulnerabilities.
This archive contains numerous TDS streams that cause segmentation faults in the FreeTDS library. The 'tsql' binary was used for the fuzzing, so these most likely only affect client-side functionality. These have been resolved on master and the 1.0 branch.
Microsoft MsMpEng suffers from an issue where the UIF decoder will spin forever processing sparse blocks.