OpenText Documentum Content Server version 7.3 suffers from a remote SQL injection vulnerability due to a previously announced fix being incomplete.
ace149b822a50c7993d6f686c8031fafa0ff63437d3e979c07952eb853919ff7
Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a remote root access vulnerability.
8207670b7b23f48f93f2a7d157326bcd7fa8384a29863a9824938cd6f5929a09
Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from a privilege escalation vulnerability.
d466b761795d8d3086d31d2d398c036a70a01e03515283ad16085a4bf3fe529f
Trendmicro InterScan version 6.5-SP2_Build_Linux_1548 suffers from an arbitrary file write vulnerability that can lead to remote command execution.
26ab7b4f02561adad2e13b1c460f10e7406f2bed3b1a400caf9cd13b6a2cc8da
Ubuntu Security Notice 3198-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. It was discovered that OpenJDK accepted ECDSA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. Various other issues were also addressed.
401231d16faaf570a0694163991be2f69899e60a6316f4ea5ccc0ea0741ef00f
Red Hat Security Advisory 2017-0282-01 - The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running external processes. OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.
5fd712c87b8881f2c1c11ceb138da557ae0c18a97e0eaffd9f628cfb8aad3438
Ubuntu Security Notice 3197-1 - Kuang-che Wu discovered that multiple integer overflow vulnerabilities existed in libgc. An attacker could use these to cause a denial of service or possibly execute arbitrary code.
9660c57eca69d7e5b5e3f1edab1ac7798f8fe091d546ea992308803cdc972e83
Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. Attackers could exploit this vulnerability by enabling Developer Mode for their user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to the profile. An exploit could allow attackers to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
af8ddd4b376f7c30e09926c47b62cf5a42d2a31626a7239edac7bdaa02886344
Red Hat Security Advisory 2017-0276-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response.
33a7601585c42e9c028fe9fe800eccb4904146febae800994c309c87bb09a0ce
Joomla JoomBlog component version 1.3.1 suffers from a remote SQL injection vulnerability.
2a3e00aece5ff7a26c6e0e8989853559766b9ee80c52a24311f397cfaea8e070
Suricata IDS / IPS versions 3.2.x before 3.2.13.13 and versions 3.1.3 and below suffered from an issue with IPv4 evasion.
ae4d50e6dd5d0d4d2b0cfb7661192e3225d3bededae3434f440a38ff2641bf79
OpenSSL Security Advisory 20170216 - During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.
89f33fdcfc3a843de7fa742f846df800fb1b00666355c492d4ba177e9b4340bb
Joomla Spider Catalog Lite component version 1.8.10 suffers from a remote SQL injection vulnerability.
9ad9dca71b7e8d6d0542251460ff409a2923b90e54c17cbf8178f13088f4126f
Joomla JEmbedAll component version 1.4 suffers from a remote SQL injection vulnerability.
29f8362bb4246d4f4b00d992692cd21868974c3ef96cbc7146a4c883aac383a9
Joomla Spider FAQ Lite component version 1.3.1 suffers from a remote SQL injection vulnerability.
a26d44a2e68bca913869836d315a2c7605ebf030c50a5cbc4b1b51d662ee7b71
Joomla Spider Facebook component version 1.6.1 suffers from a remote SQL injection vulnerability.
bbd7c757c81b55e14b9a48661769e540c487ed8339f0d9c37fddfd0625e15472
GOM Player version 2.3.10.5266 suffers from an .fpx file denial of service vulnerability.
e696f17a61fc8fa053bbaae40704101549943d96e59a303ece6f2bbdd6fe50ec
156 bytes small Linux dual / multi mode bind shell shellcode.
659a9367e30a697641766975195410f25a1bd0301b3ae9dbec564d2c0830fa6d
Joomla JSP Store Locator component version 2.2 suffers from a remote SQL injection vulnerability.
0f662c9a963f5d4595d3741b19e2dca18d35d7e3faa2594afe621674555a2e5c