Red Hat Security Advisory 2017-3470-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server, resulting in denial of service.
efb4335c9408229c495f95ad12044120be9a1e15087a66ae9adce3583c29740d
Gentoo Linux Security Advisory 201712-1 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which may lead to arbitrary code execution. Versions less than 2.18.3 are affected.
32a6a6bff020e5e331002d89377e2a56a25905507ff282e33df24d6f1ef4e1de
Red Hat Security Advisory 2017-3463-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side. It was found that the smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application.
34fc4cb4409bacd861fabab79b86a4ada6ca60f08cdf7237d43f8b4401e9eae2
Red Hat Security Advisory 2017-3471-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server, resulting in denial of service.
6c949e978f3129a4fa9524d05a3e6a59fc158b36609c374f54dd21fcdd7bb992
Debian Linux Security Advisory 4064-1 - Several vulnerabilities have been discovered in the chromium web browser.
7d0e4cd3d3c5dd5c3b29957e44a289f54af873db69adb1158d9dff1610da210b
This Metasploit module generates a DDE command to place within a Word document that, when executed, will retrieve an HTA payload via HTTP from a web server.
c78e1c6fecbebe56444e1bea5963cf977f091c6e851633f4e7b05b3de8fff37b
Asterisk Project Security Advisory - If a compound RTCP packet is received containing more than one report (for example, a Receiver Report and a Sender Report), the RTCP stack will incorrectly store report information outside of allocated memory, potentially causing a crash.
ad570e142eb4ed64ce1d02cb9f2d12edb9da7bbfbc9262b5c740e7b5ad1dc490
WordPress WooPay Inicis plugin version 1.1.3 suffers from a cross-site scripting vulnerability.
8f5e2628d12376dd320e1b0adaf823b98f0f5181d77ec8bcf44e0693143102d9
WordPress WordApp Mobile App plugin version 2.0.3 suffers from a cross-site scripting vulnerability.
3676a99218434ed451a6b893a3010c3d8dc84c177e96d5d6bfc67c5dc5a1f3e1
WordPress Qiniu Cloudtuchuang (七牛云图床) plugin version 1.8 is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
f4bd2905852b0a1b3ce77319befd9d8b6de05261e4c403b77caaa24f86ee7186
Red Hat Security Advisory 2017-3458-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.1.
a6bc536fb4e9a0a5347c1f3d161bd02b0c46b316d4a5e926a1fc2455bbb97398
Red Hat Security Advisory 2017-3455-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.
eb03f49d76de756a7684d3922ce2c0add51cd14586df2064a9bd1e0d59a01ffc
Red Hat Security Advisory 2017-3454-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.
12cf1837656dfd68a114723efd474d6ce65db36dfdd284c5ac3bfd17e3d2b387
Red Hat Security Advisory 2017-3456-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.0 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: A Denial of Service can be caused when a long request is sent to EAP 7.
28a3ebd18bae2ae54a432880cb23717b5cd055b67867d19ac18aa8f011ca235d
Red Hat Security Advisory 2017-3453-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
5cdbf5273d807c44144081264433f64aca62c27845caebf77dc83aeda8dbc521