Gentoo Linux Security Advisory 201710-26 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 2.3.0:2 are affected.
869f6c6e091d19293a71cba637355cc94a93b938d26ef5543bfaaf688f1098ed
Gentoo Linux Security Advisory 201710-25 - Multiple vulnerabilities have been found in the PCRE Library, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 8.41 are affected.
2193225aa04df440a7b00f39ed529a699177212702436597ca09649b8e8a3b5d
Red Hat Security Advisory 2017-3002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs. Security Fix: It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.
b7c8154b1f5237a078676a57b89ad1b4f6366494158e4a90b9f5691fbdad6562
Red Hat Security Advisory 2017-2999-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
5a4ce654a7f1a56a3e0c28d38c35a7bd07a67e4a9e13e00e1109d326f55215e6
Gentoo Linux Security Advisory 201710-24 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 62.0.3202.62 are affected.
a3f601b3c1424c220b0f15954ed5a1dea8576ebb6231a9b661bad5f2fb60ea2d
Gentoo Linux Security Advisory 201710-23 - Multiple vulnerabilities have been found in Go, the worst of which may result in the execution of arbitrary commands. Versions less than 1.9.1 are affected.
bf94b265f8846c16e26ea3dc339c3f0268d4a939482de4292f29ffc877facace
Gentoo Linux Security Advisory 201710-22 - A vulnerability in Adobe Flash Player might allow remote attackers to execute arbitrary code. Versions less than 27.0.0.170 are affected.
dc65b829c89803538e09910cafc7de0940c865803aba55f2c2c947582b61ed06
Ubuntu Security Notice 3459-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.58 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10 have been updated to MySQL 5.7.20. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
60e04cc4314d1e6802ea9de37fddc302419ea27711619e9ac828c586652f347f
Ubuntu Security Notice 3457-1 - Brian Carpenter discovered that curl incorrectly handled IMAP FETCH response lines. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.
1b115a38c70e2d18635e3fe9217eb65e896a4c7c70caa393bd607a28352ff906
This article presents a cross-platform test harness written in Python that assists the user in searching for vulnerabilities in web browsers, specifically by fuzzing their font parsing functionality. The tool automates the delivery of test cases (font files in this context) into a web browser. The creation of a corpus of mutated TTF font files suitable for use in fuzzing is also covered.
c8318c528d7e608b8d2215bee4998862b6f54b96d2c952d42a31f344c81b6f0d
Gentoo Linux Security Advisory 201710-21 - An integer overflow vulnerability in Kodi could result in remote execution of arbitrary code. Versions less than 17.3-r1 are affected.
84bfb4ee2a2a384556e350a2a66a5e47192c14f3b6f8ead872a09962a4d84543
WordPress Polls plugin version 1.2.4 suffers from a remote SQL injection vulnerability.
a6ba9010e04933cab84af84ab72bdfc4866a13c72509317287f71e3ee5be2651
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
c07f8ac2534501db5e1a2107a31c98fc3673f2ae2e3ea7c80d835f8d110dc418
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
105d0c7def915f528b4d6cbefeecd7e3bcaf3c9c59297fc9da4d9ce27c8a4197
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
737f912aedaeba8a1d57b9dc8bd11fe5911f1fbdc0923fc3bb63f868636273f6
Numerous remote code execution paths were discovered in TP-Link's WR940N home WiFi router. Valid credentials are required for this attack path. It is possible for an authenticated attacker to obtain a remote shell with root privileges.
f9296dc8812d8e69de6b37a3d231d5c083e5f15ec68836881c1907683ff30c7e
ZKTime Web Software version 2.0 suffers from an insecure direct object reference vulnerability.
086c126d09d75f6b2bebdd1eae661a5c4bf54763d352e0a9b2713fb0387890ff
ZKTime Web Software version 2.0 suffers from a cross site request forgery vulnerability.
b393a5b065f892f1f065e41560ffdd03037d90766136ecc9b1376a194be73079
Red Hat Security Advisory 2017-2998-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients.
a337858a09a369e61815370528ea0d53e9969dac321888bb5e09ec6b4b74c965
Red Hat Security Advisory 2017-2997-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.62. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
fc22ff81f7f5826e9ef487dc00d5dd07e8b39802cf85aaee383913881fef2261
Debian Linux Security Advisory 4003-1 - Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify (and related) parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned off and ignoring any errors while validating the server certificate.
47dab0a633f9c9c0444db6888c21643f68245d42df4f35f7137e9f48d551ead4
Debian Linux Security Advisory 4002-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.58, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
68f93aef09af0e6ae943b84a23a35ea8bf29c4a41f71b94e5cb287c8eddc7bfc
tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
9b7e72b6496e2f6abd77d1dd3c4c6b77bdce61ca5531f9f1c62376b020904db7
Mozilla Firefox versions prior to 55 suffer from a long username denial of service vulnerability.
1e67d4b10623455ab0f8b3ff5a9d0b963774dff648680400fd02d406c3ecc952
Check_mk versions 1.2.8p25 and below suffer from a save_users() race condition that leads to sensitive information disclosure.
3817f4097ba3c193b240667f3e9f94890b3c36bbafc096a89f647938a535aa59