Microsoft Exchange suffers from an open redirect vulnerability.
984f3e5bf9a46dde0835b0d4970d3406f20883bb6d60759b4da0a53b6e0ee2ab
RSA Authentication Agent for Web for both IIS and Apache Web Server version 8.0.1 and earlier contain multiple vulnerabilities that could potentially be exploited by malicious users to compromise affected systems. These issues include cross site scripting, buffer overflow, and information disclosure.
824af128e2d83214afc6cfd21dd6dd7b691bc610075d88c3421407f35c6e5466
Debian Linux Security Advisory 4153-1 - It was discovered that a use-after-free in the compositor of Firefox can result in the execution of arbitrary code.
6fdc327eeeed36a23c75517202563b99a3b87fd50fea612fd920dbbe3b88833b
ManageEngine Service Desk Plus versions prior to 9403 suffer from a cross site scripting vulnerability.
18c8b8c9f96e716e3767d9ce3cef7dc2fab52a801c35c39e4cdbdf13647d3e04
Debian Linux Security Advisory 4152-1 - Two vulnerabilities were discovered in MuPDF, a PDF, XPS, and e-book viewer, which may result in denial of service or remote code execution. An attacker can craft a PDF document which, when opened in the victim host, might consume vast amounts of memory, crash the program, or, in some cases, execute code in the context in which the application is running.
4cae0d16fb6f8a731689702d39274a33edc04ac35c3e35b8938bcc0b279edac0
Microsoft Skype Mobile versions 8.12 and 8.13 suffer from a denial of service vulnerability.
627876f417919cd828a3a6e72a859f920ead6c00795181bacedee7e3d7cd18cb
Sandoba CP:Shop CMS version 2016.1 suffers from multiple cross site scripting vulnerabilities.
64ca989b68e545c4ba0ee54044dee644fa3c5bfa7dc7a7e45edf2ff8068e580f
TestLink Open Source Test Management versions prior to 1.9.16 remote proof of concept code execution exploit.
7f1cec95295792a263ea245ef75d239589db9afc06b5a1a8e021fc6d031a4154
Open-AuditIT Professional version 2.1 suffers from a persistent cross site scripting vulnerability.
ad8b6267228824f15774008cba1ef47e47dc5d189886b7ab5d3f3ddfc68b62bc
Dell EMC ScaleIO customers are encouraged to update to ScaleIO version 2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system.
3507cdff27820aa937d3111f0f6bd571ce359e4860750499ab690e86563a2437
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
c3410d57e3a76cbe1bdfb3b36e321cab36c61de9cf16b9301782de853e40fbe9
AEF CMS version 1.0.9 suffers from a cross site scripting vulnerability.
739ebadac904c2e0ecabc85ae1478c4d95070c0f3f8ca05379bf94f63fb19574
Tenda N11 wireless router version 5.07.43_en_NEX01 cookie session weakness remote dns change proof of concept exploit.
7769592903cc52121c247391cc124a5d6218695a72a935e2c8c9d86e2641f44b
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
df0aa4b0965da4bab70883e78846c348756967b65497f753bb791225f409c94a
Debian Linux Security Advisory 4151-1 - Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for remote code execution by sending a specially crafted x509 certificate.
03bef87016943cf8c000ab439d8a73f722b0b3f8eb4dde15fbdd9741af026bfa
OpenSSL Security Advisory 20180327 - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Other issues were also addressed.
06f896618c972892739490677cca48ef1283e588c8790590bbec26307dcc26b6
Weblication CMS Core and Grid version 12.6.24 suffers from multiple cross site scripting vulnerabilities.
d1f28592e1cc5ef115207e3e9b1b508f788fba37af1f62e9ce8f2fb27537bc28
Red Hat Security Advisory 2018-0592-01 - The Simple Logging Facade for Java (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging. Issues addressed include a code execution vulnerability.
44499719d5db1934cda9adadcdd61989c34d033f0f25bd30b92ee6bf7ee05054
Red Hat Security Advisory 2018-0591-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.
9466c7fad42a7b2db119a2fd8ed5038da83e1f2e069300c3ca745f69d0391801
Red Hat Security Advisory 2018-0585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby, rh-ruby23-rubygems, rh-ruby23-rubygem-json, rh-ruby23-rubygem-minitest, rh-ruby23-rubygem-psych. Issues addressed include a code execution vulnerability.
32edc7a8e98876134eade824682c38c4747c8ccb99d1f61ad5768f31b8e2a899
Red Hat Security Advisory 2018-0586-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Issues addressed include a denial of service vulnerability.
6a0383465921e6d276a3e32b78a816be133e7c7ef37a0d4a42126f41f8f52513
Red Hat Security Advisory 2018-0587-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Issues addressed include a denial of service vulnerability.
2d69f3d47bf717cae435ed725d94feb898f884b9e386ab1041bbdd5a42395bc1
Red Hat Security Advisory 2018-0584-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Issues addressed include a code execution vulnerability.
dea992b54e8cfb1c73003fbf6fcaec90a98151343a4ac0cbbb910ca2378daf62
Red Hat Security Advisory 2018-0583-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby22-ruby, rh-ruby22-rubygems, rh-ruby22-rubygem-psych, rh-ruby22-rubygem-json. Issues addressed include a code execution vulnerability.
d58b91f41c3af49c25194b7dd7e8e121612b8c39301ad79038c25380fc087b1d
Red Hat Security Advisory 2018-0582-01 - The Simple Logging Facade for Java (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging. Issues addressed include a code execution vulnerability.
d4f27dc616cfbe1e5b22b462e975bb1d773dd59515f721c6edbe9dbc9fb92817