Gentoo Linux Security Advisory 201707-15 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 26.0.0.137 are affected.
45afa64a6b1c6faf4e76710b92a00baaTeleves COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities.
11e5fce5fce1522aabed9b6b047e5214Ubuntu Security Notice 3361-1 - USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
2a81ab5a406b26495cf15b17d009be23Apple Security Advisory 2017-07-19-7 - iCloud for Windows 6.2.2 is now available and addresses information disclosure, code execution, and various other vulnerabilities.
4f380c77e8e99020d7e7e86a74e6ebaeApple Security Advisory 2017-07-19-6 - iTunes 12.6.2 is now available and addresses code execution, information disclosure, and various other vulnerabilities.
fff71b887019a0188bc4405b1923235dUbuntu Security Notice 3360-2 - USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
a52c36d22ff0b5f4c7d35c0b403f353cApple Security Advisory 2017-07-19-5 - Safari 10.1.2 is now available and addresses spoofing, cross origin, and various other vulnerabilities.
1ed95c0427dc5589003399ef7858d3bdApple Security Advisory 2017-07-19-4 - tvOS 10.2.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
4f066bec91e8241104ce852a7eb1146aHP Security Bulletin HPESBHF03766 1 - Potential security vulnerabilities with NTP have been addressed for HPE network products including Comware 5 used in certain ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or unauthorized modification, or locally exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
a39834881c545886ee1c449eb45b4cbfApple Security Advisory 2017-07-19-2 - macOS 10.12.6 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
ab1fccb72cc38d3e81f21dd4540e1ae3Apple Security Advisory 2017-07-19-1 - iOS 10.3.3 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
8c0895fdc3becd88ea61b4c102a0c59bApple Security Advisory 2017-07-19-3 - watchOS 3.2.2 is now available and addresses buffer overflow, memory corruption, and various other vulnerabilities.
ec5cc4db1b6bbf46b6628e302c5f538aRed Hat Security Advisory 2017-1790-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 141. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
37519fdd6b3d13b38bbfcdb906a26668Red Hat Security Advisory 2017-1791-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 151. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
4682419af3fce97dc8cb9fee340bdd86Red Hat Security Advisory 2017-1792-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 161. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
631eef9814b47bcc6675d40fa8cc567dWordPress Task Manager Pro version 1.31 suffers from multiple cross site scripting vulnerabilities.
277685ee784f659f986136cf25ef9665PEGA Platform versions 7.2 ML0 and below suffer from missing access control and cross site scripting vulnerabilities.
938c5f42465df06a9e5c4c2fc3e83ed2Orangescrum version 1.6.1 suffers from cross site scripting and remote file upload vulnerabilities.
9693daf187246491e666ce159587cc45Belkin NetCam F7D7601 suffers from remote command execution, network fingerprinting, and hard-coded password vulnerabilities.
e937ccdeddaba497377af60a275dbe5aAndrey Konovalov discovered a use-after-free vulnerability in the DCCP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges. Various other vulnerabilities were addressed.
f33f9e8f678adbf7a3a32f53939cff60Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue.
3d75aff532e38b6b2a6184d2c0b2e44dOrion Elite Hidden IP Browser Pro versions 1.0 through 7.9 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities.
68730712ee35e24f1a27c5cc9655094aSitecore CMS version 8.2 suffers from cross site scripting and file disclosure vulnerabilities.
4858233c0ae712bdc0b065aba7a0cab1Multiple RSA Identity Governance and Lifecycle products suffer from remote file upload and cross site scripting vulnerabilities. Affected products include RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, and RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels.
e4d5560e1af72698b914df2a682e9f6bAGFEO Smart Home ES 5xx / 6xx versions 1.9b and 1.10 suffers from authentication bypass, cross site scripting, and hard-coded private key vulnerabilities.
d8b060c4416bc13adecea2847e56ea96
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed