Gentoo Linux Security Advisory 201706-22 - Multiple vulnerabilities have been found in libksba which might allow remote attackers to obtain sensitive information or crash an libksba-based application. Versions less than 1.3.5 are affected.
92182dff40a0bcb25b688b2ada8caaefDebian Linux Security Advisory 3890-1 - Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.
82f7dc777ed288bd4614a107d13dbf01Ubuntu Security Notice 3336-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.
7617cdd35e7baf76e62633c0fac373e3Ubuntu Security Notice 3337-1 - It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. Various other issues were also addressed.
ea08dfb16ff10f314da98e02ad262c8aEMC Avamar suffers from authentication bypass and remote file upload vulnerabilities.
b4a0e80e752dee3e81b370f06160717eGentoo Linux Security Advisory 201706-20 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 59.0.3071.104 are affected.
e2efc20bd50ffb701dff2f29b973cee5Gentoo Linux Security Advisory 201706-18 - Multiple vulnerabilities have been found in mbed TLS, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.4.2 are affected.
631b0ec529b0a091a4cd3805ecbe330dGentoo Linux Security Advisory 201706-17 - Multiple vulnerabilities have been found in Kodi, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 17.2 are affected.
38505a8673f54044c110e545ae3b4eb0Gentoo Linux Security Advisory 201706-16 - A header injection vulnerability in GNU Wget might allow remote attackers to inject arbitrary HTTP headers. Versions less than 1.19.1-r1 are affected.
6e6c18e8b43fe45be92b4ff3365936e1D-Link ADSL DSL-2640B SEA_1.01 remote dns changer exploit.
42bf229f831e70ca320881f824bb980cRed Hat Security Advisory 2017-1499-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
c8ed20656fcb4e43961969692b35d3a5Beetel BCM96338 ADSL Router remote dns changer exploit.
2e02687e30079b52d3b80fe47e0ca4c5D-Link ADSL DSL-2640B GE_1.07 remote dns changer exploit.
2f0ad1c14b10a2f7fc27ca4fe09e7f31D-Link ADSL DSL-2640U IM_1.00 remote dns changer exploit.
61ce3e26bd5b9efd48b249d86763419bUTstarcom WA3002G4 remote dns changer exploit.
44267da336265ebaa27796e5f773cb7eiBall Baton iB-WRA150N remote dns changer exploit.
baf518f98729758d2308be2929dc6cdfJoomla JoomRecipe extension version 1.0.3 suffers from a remote SQL injection vulnerability.
06fcd38782a578eef82bcddccf2c25caRed Hat Security Advisory 2017-1476-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix: An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
f3ed6197b27f5f25320c55d8f4182a33nuevoMailer versions 6.0 and below suffer from a remote SQL injection vulnerability.
a42483e295f6acb38d72fda9b0e4dbc4KBVault MySQL version 0.16a suffers from a remote arbitrary file upload vulnerability.
beeaa30026309dadbd026daa7da8d258Ubuntu Security Notice 3319-1 - It was discovered that libmwaw incorrectly handled certain malformed document files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause libmwaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
76f254bead5df0662c74a3eab069e762Ubuntu Security Notice 3320-1 - Agostino Sarubbo discovered that zziplib incorrectly handled certain malformed ZIP files. If a user or automated system were tricked into opening a specially crafted ZIP file, a remote attacker could cause zziplib to crash, resulting in a denial of service, or possibly execute arbitrary code.
7324e047f831f532d42a37367c635107Aerohive AP340 HiveOS versions prior to 6.1r5 suffers from a local file inclusion vulnerability that allows for remote code execution.
23f7f0efaf290260644702d2fc4ec176Alio Applicant Portal versions 6.0 and below suffer from a remote SQL injection vulnerability.
6d41e241a31095342486a5e551b4e449Red Hat Security Advisory 2017-1445-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
ee95043b161c3d469e8d1b4030074244
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed