Dell EMC ScaleIO customers are encouraged to update to ScaleIO version 2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system.
3507cdff27820aa937d3111f0f6bd571ce359e4860750499ab690e86563a2437
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
c3410d57e3a76cbe1bdfb3b36e321cab36c61de9cf16b9301782de853e40fbe9
AEF CMS version 1.0.9 suffers from a cross site scripting vulnerability.
739ebadac904c2e0ecabc85ae1478c4d95070c0f3f8ca05379bf94f63fb19574
Tenda N11 wireless router version 5.07.43_en_NEX01 cookie session weakness remote dns change proof of concept exploit.
7769592903cc52121c247391cc124a5d6218695a72a935e2c8c9d86e2641f44b
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
df0aa4b0965da4bab70883e78846c348756967b65497f753bb791225f409c94a
Debian Linux Security Advisory 4151-1 - Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for remote code execution by sending a specially crafted x509 certificate.
03bef87016943cf8c000ab439d8a73f722b0b3f8eb4dde15fbdd9741af026bfa
OpenSSL Security Advisory 20180327 - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Other issues were also addressed.
06f896618c972892739490677cca48ef1283e588c8790590bbec26307dcc26b6
Weblication CMS Core and Grid version 12.6.24 suffers from multiple cross site scripting vulnerabilities.
d1f28592e1cc5ef115207e3e9b1b508f788fba37af1f62e9ce8f2fb27537bc28
Red Hat Security Advisory 2018-0592-01 - The Simple Logging Facade for Java or is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging. Issues addressed include a code execution vulnerability.
44499719d5db1934cda9adadcdd61989c34d033f0f25bd30b92ee6bf7ee05054
Red Hat Security Advisory 2018-0591-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
9466c7fad42a7b2db119a2fd8ed5038da83e1f2e069300c3ca745f69d0391801
Red Hat Security Advisory 2018-0585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby, rh-ruby23-rubygems, rh-ruby23-rubygem-json, rh-ruby23-rubygem-minitest, rh-ruby23-rubygem-psych. Issues addressed include a code execution vulnerability.
32edc7a8e98876134eade824682c38c4747c8ccb99d1f61ad5768f31b8e2a899
Red Hat Security Advisory 2018-0586-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Issues addressed include a denial of service vulnerability.
6a0383465921e6d276a3e32b78a816be133e7c7ef37a0d4a42126f41f8f52513
Red Hat Security Advisory 2018-0587-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Issues addressed include a denial of service vulnerability.
2d69f3d47bf717cae435ed725d94feb898f884b9e386ab1041bbdd5a42395bc1
Red Hat Security Advisory 2018-0584-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Issues addressed include a code execution vulnerability.
dea992b54e8cfb1c73003fbf6fcaec90a98151343a4ac0cbbb910ca2378daf62
Red Hat Security Advisory 2018-0583-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby22-ruby, rh-ruby22-rubygems, rh-ruby22-rubygem-psych, rh-ruby22-rubygem-json. Issues addressed include a code execution vulnerability.
d58b91f41c3af49c25194b7dd7e8e121612b8c39301ad79038c25380fc087b1d
Red Hat Security Advisory 2018-0582-01 - The Simple Logging Facade for Java or is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging. Issues addressed include a code execution vulnerability.
d4f27dc616cfbe1e5b22b462e975bb1d773dd59515f721c6edbe9dbc9fb92817