SAP E-Recruiting versions 605, 606, 616, and 617 suffer from an email verification bypass vulnerability.
f7872424a2554686226a1a479c765245cbc5fb05e0518567d3bfd78a6384b4bcRed Hat Security Advisory 2017-2679-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 privileges.
5051ae2161e52e21821566bf701bfe49f04ac521aa23e8549dc072ef0fbe81b0Red Hat Security Advisory 2017-2698-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.
db5b6265a0cb2d3e10f79bbbcdaea23943dc9bf119d53dc2b76cf33b5831d1b0Red Hat Security Advisory 2017-2693-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. This issue was discovered by Matthew Booth.
121fa107e28d6d2b0e969f4ed53ae37600d8d2c2127a97e810145aa52a8d298aDebian Linux Security Advisory 3970-1 - Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).
fa5d34e4b05dca735740e7b2194471ca04e5f3c7ff0339f53e34908f87d6cf1bRed Hat Security Advisory 2017-2683-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 privileges.
836911b12d6d9c7265e4250e6a496b935be0667c59bdbfffa9aeb91b7ec81612Red Hat Security Advisory 2017-2685-01 - The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts, and pcmcia configuration files. Security Fix: An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol. A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.
4ad0396446edfa9b38da0c8e754bcf1e12663a24e02c45b05a3464921a4c8f61Ubuntu Security Notice 3413-1 - It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information.
2b247b3301912be8404e2924d6964a468cdcb4bc1a40ca02f149d814157a9a75Red Hat Security Advisory 2017-2681-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 privileges.
4fa9cf26f5640fa2f977ac1a0515b7490c857afc9658336ac833a838ea2b8232Red Hat Security Advisory 2017-2682-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 privileges.
10816ea5c3a4d6a61d81c2d95052a5420c1437a7af6e54841215e2f8122b7f4bRed Hat Security Advisory 2017-2680-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature, an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 privileges.
d0976006fd595a172a26d079957bb5050c01e46658523ebf2b773fe75f7da603Red Hat Security Advisory 2017-2692-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix: An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch. An attacker could use this issue to cause a remote denial of service attack. While parsing an OpenFlow role status message Open vSwitch, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.
2a4cd5e3e961a4a1168fdc14660418964f24500a363ecfd4fce71c4f6852e263Red Hat Security Advisory 2017-2687-01 - instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud. Security Fix: A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. This issue was discovered by Matthew Booth .
57ef17828da9f61aa0d97b870090b6b69b38a62115e3a7f514ba1dba2e728322inClick Cloud Server version 5.0 suffers from a remote SQL injection vulnerability.
d16e4965620544d855fde621b405bf60449b97bb05b24068009b0b006385d180EduStar Udemy Clone Script version 1.0 suffers from a remote SQL injection vulnerability.
f0e6e3ffd74500d0f8d5cea0c835b6e19ce7d1674893557e79535c5d3e364846iTech StockPhoto Script version 2.02 suffers from a remote SQL injection vulnerability.
9a5062f73427033c07223e9522ec20e23eb637877d6a897805f5757fa4ef1661iTech Book Store Script version 2.02 suffers from cross site scripting and remote SQL injection vulnerabilities.
28a5ba9a80819a6775f78a631a5fb1183573ab5e2ff0b137181a5c8ff9f94fbaJobStar Monster Clone Script version 1.0 suffers from a remote SQL injection vulnerability.
2a4b86825868538a6812566f44b022728f3f1aad231e4164209a261a1a1bfc53This Microsoft bulletin lists dozens of updates for September, 2017.
0c2637ff9a562410721b403bb8ef157d7576f67d130bb9fe79297abef59ecbf9This Microsoft bulletin summary lists multiple CVEs and security bulletins that have undergone a major revision increment.
eababca54a5e69c929203189a103b998d524e2a8df353bda61af2ebc48310d42
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed