ToorCon 19 has announced its call for papers. This conference will take place September 1st through the 3rd, 2017 in San Diego, CA, USA.
Gentoo Linux Security Advisory 201707-14 - A vulnerability in Gajim might allow remote attackers to intercept encrypted communications. Versions less than 0.16.6-r1 are affected.
Apache Impala versions 2.7.0 through 2.8.0 suffer from an information disclosure vulnerability. During a routine security analysis, it was found that one of the ports sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class, which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary with access to the network to eavesdrop on the packets going to and coming from that port and view the data in plaintext.
Apache Impala versions 2.7.0 through 2.8.0 suffer from an information disclosure vulnerability. It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.
Rise Ultimate Project Manager version 1.8 suffers from a cross site scripting vulnerability.
HPE Security Bulletin HPESBNS03755 1 - HPE NonStop Server using Samba is vulnerable to remote code execution and remote access restriction bypass. Revision 1 of this advisory.
Pulse Connect Secure version 8.3R1 suffers from cross site scripting and cross site request forgery vulnerabilities.
Slackware Security Advisory - New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Gentoo Linux Security Advisory 201707-13 - Multiple vulnerabilities have been found in libcroco, the worst of which may have unspecified impacts. Versions less than 0.6.12-r1 are affected.
Debian Linux Security Advisory 3905-1 - Two security issues have been discovered in the X.org X server, which may lead to privilege escalation or an information leak.
Gentoo Linux Security Advisory 2017-07-12 - A vulnerability in MAN DB allows local users to gain root privileges. Versions less than 2.7.6.1-r2 are affected.
NfSen version 1.3.7 and AlienVault USM/OSSIM version 5.3.4 suffer from a remote command injection vulnerability.
NfSen versions 1.3.7 and below and AlienVault USM/OSSIM versions 5.3.6 and below suffer from a local privilege escalation vulnerability.
DNS/DNSSEC RR stub resolvers amplification distributed denial of service exploit.
This is a Python script for testing CRLF injection issues.