RSA Adaptive Authentication (On-Premise) contains a fix for a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
60841db3a89cf5bc561e20c79328b9076579fff729097e687074894019a71cddEMC Isilon OneFS is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.
de25c6348c924c6dfa69d9df7b13126a18f28e1043a6fcb218e94b04c9409761WordPress User Access Manager plugin versions 1.2.14 and below suffer from a cross site scripting vulnerability.
09545f801ff1acb709699d02dc43f9d5883e32d10d20f5e627e63b082bed884dWordPress Tracking Code Manager plugin versions 1.11.1 and below suffer from cross site scripting and denial of service vulnerabilities.
525a48c4b569474acd49d965d41d3a6780cb169f74c155f89936037739c44f62Ubuntu Security Notice 3260-2 - USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. Various other issues were also addressed.
4516672128a2c863308c540e8b88eefd6516196d22c6093ee8fb3334947b872fRed Hat Security Advisory 2017-1228-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 58.0.3029.96. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
a5da2c946e1c640b2fdbef733cc780ef38c004db8e8fa43f661bd7c8e4149a55Ubuntu Security Notice 3275-1 - It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. It was discovered that an untrusted library search path flaw existed in the Java Cryptography Extension component of OpenJDK. A local attacker could possibly use this to gain the privileges of a Java application. Various other issues were also addressed.
757d5f0438477f6893fd4224ae266090be51e7aa5c576e42f2194a28bab494a8Ubuntu Security Notice 3284-1 - It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service. It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service. Various other issues were also addressed.
d0323cbce6c72f6e323f9f5f4a6bca483302ed4b2d91ef985a627a4d571e8433Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.
dd14beacc3e87b7064dc160534d469a79690ec06c3cb5fdddd8acbce04733db8QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.
e4e12a638d7f717f67ffad95e2b0629cfc618118c243ffb76a043bd3e7b2a344Gongwalker API Manager version 1.1 suffers from cross site request forgery vulnerabilities.
8b307dd2ea477cf0ff836b4f2d41fdf196108e16aed4acd1fe031bd91eec60beGongwalker API Manager version 1.1 suffers from a remote blind SQL injection vulnerability.
9666aeffc998daefb34def4a59cb23e9f365216256b77473d54dabef6b07b926BanManager WebUI version 1.5.8 suffers from PHP code injection and cross site scripting vulnerabilities.
c5d2c32d7f25a3d40e819ebb383669f899494ed3e6d249f90a8f687b4d6e9374This archive contains numerous TDS streams that cause segmentation faults in the FreeTDS library. The 'tsql' binary was used for the fuzzing, so these most likely only affect client-side functionality. These have been resolved on master and the 1.0 branch.
66f3f4a74d00b0e618225737ba456b7a11922247bc49c5ae8f7ef7ad115866f7Microsoft MsMpEng suffers from an issue where the UIF decoder will spin forever processing sparse blocks.
6836f45a69f6f071caf05f74b515b151a7337c71a449b6d44cc02c812c149f3e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed