Adobe Flash suffers from a heap corruption vulnerability in the margin handling.
19f24cf279fd2e72d032220c5d8428c8270508c3c25f9006996eac40ba0cc4ad
Adobe Flash suffers from an out-of-bounds read in AVC deblocking.
750594de5f9554b1eb4832b7745301c0ab665475c1dbefff2c225998feca6426
It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges.
bcd1da354e95152a1d55d4594bee07001348114c492bc49628b78a071250ded3
Ubuntu Security Notice 3293-1 - Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service in the host OS. Dmitry Vyukov discovered that the generic SCSI subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
28157ece7b6c36fc871846f3ef26802654c9896b6d03a1845e875c1ba8ff42c5
Ubuntu Security Notice 3292-2 - USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
c70c25536e78eb1d5e5730eb6cfcbdfa1a826986f0778fd2b9aafa9670420171
Ubuntu Security Notice 3292-1 - Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
15becdcfe59fab923e4f0382140bc6a53bdcc9af8157e9c595c1154313cb3a28
Ubuntu Security Notice 3291-1 - Dmitry Vyukov discovered that the generic SCSI subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
05f516d2c78087b37f79d5897941e0baeb1fa7d78c58cbca2ed7c06448fd6d02
Ubuntu Security Notice 3276-2 - USN-3276-1 intended to fix a vulnerability in su. The solution introduced a regression in su signal handling. This update modifies the security fix. Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. Various other issues were also addressed.
196b09de8d68cc19eac4858a35f520d013c4a0d8bb8846854e50d6a4d29138bd
Ubuntu Security Notice 3290-1 - Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer truncation. A local attacker could use this to cause a denial of service.
563dfece3f8a1381536c36b79fbc4030397cf159f54546dca4e75ff220374ea6
Ubuntu Security Notice 3278-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the address bar contents, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
5918077f633274f279ab87c4b055ad1b8af6e26633eab66e02241fb795da1fa5
Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5 SP2 suffers from faulty access controls, stored cross site scripting, and information disclosure vulnerabilities.
637d47762288a065abb2a7389848251703d887b374e4c7cdadcc2d3c44a2c27a
Sophos Web Appliance version 4.3.1.1 suffers from a session fixation vulnerability.
50104c16e61bf331cca13385710e48feaf4c03fa10d141d75f89fe85b2673a48
LabF nfsAxe ftp client version 3.7 suffers from a buffer overflow vulnerability.
21172dda65256d99b65a588422dfc1ba3443d59700c3ea4bf4852e4d14c2b0ed
Mozilla Firefox versions 50 through 55 suffer from a stack overflow denial of service vulnerability.
496d3fe6b582ccad08cca37270b28de1e1f2b55543965b032b3071d9d8886ead
WordPress EELV Newsletter plugin version 4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
ed9b4741ae9c7e9e168aa3084dcca418fd46cf5c966e1c17db39872a293fafb0
MikroTik RouterBoard version 6.38.5 suffers from a denial of service vulnerability.
4001fd282fffed16b5ad785b1d53ac73fab845e9ac37ffcfc5b516d70d7d657e
Mozilla Firefox version 52.02 and Tor Browser version 6.5.1 suffer from a denial of service vulnerability.
f0e5b537ef26ae911e34540be077e56bc1b0d16a55ab119f95a081e6a4574c9c
MobaXterm version 10.2 telnet server remote code execution exploit.
fe06162616281f95456b2b71ae5d1c133b8fb681e9885e25401031ef5bf9ee49
Ubuntu Security Notice 3275-2 - USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. Various other issues were also addressed.
4f21667f05e9140f4f1c8350046f6031922bc511769015c43e35d6c0ce3b2c5c
Red Hat Security Advisory 2017-1232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
5320ffedef283ff1f76aecce917fe67e21a02ba281439a96af56abccb5937cff
Red Hat Security Advisory 2017-1233-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.
aa5c908b13897fd2c9c4cf722fa84fe657869cd1437682227963a27f534ffa96
Ubuntu Security Notice 3272-2 - USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service. Various other issues were also addressed.
89c2956bcc647b7f0010cbff3cb81eb6291d199296a26e5a2dd4b1eacc632b49
Ubuntu Security Notice 3289-1 - Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Li Qiang and Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device when being used with a VNC connection. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
dde5185a850c3ac4a506f63cc22dbe863cf22505aee84dd81835562d4980c02a
NextCloud and OwnCloud suffer from a cross site scripting vulnerability in their error pages. OwnCloud versions 9.1.5 and below are affected. NextCloud versions prior to 11.0.3, 10.0.5, and 9.0.58 are affected.
65879de6c3bc16a06a84fa76fc56c4fec014ee26d19bb377b0cde628a8e097a2
HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.
397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1b