Webligo SocialEngine version 4.8.9 suffers from a remote SQL injection vulnerability.
23d7b324c1f00d120d482272b68f715bc252d57f6a4a0e8541edcafd5c706d24
op5 has a cross site request forgery entry point that can be used to execute arbitrary remote commands on the op5 system via HTTP GET requests, allowing attackers to completely take over the affected host. To be victimized, a user must be authenticated and visit a malicious webpage or click an infected link. Version 7.1.9 is affected.
a99ec5b8c98fbbd4d26e18a7ffeb77840fb048d7100904df54c1a9e24ecdd54f
CA Technologies Support is alerting customers to a Medium risk vulnerability with CA API Gateway (formerly known as Layer7 API Gateway). A vulnerability exists in CA API Gateway that may allow a remote unauthenticated attacker to conduct CRLF Injection attacks in limited network configurations. CA has fixes available. Versions affected include 7.1, 8.0, 8.1, 8.2, 8.3, and 8.4.
d75ce9c00c2cc4cc2833e147503b98c91bbedd492653fd12e4463e86d064dac4
Asbru Web Content Management System version 9.2.7 suffers from cross site request forgery, cross site scripting, open redirection, and directory traversal vulnerabilities.
a855a651720da4d549f9b5abc9c5497e9eafb205df8154d2cb842c4fccaf3b25
Red Hat Security Advisory 2016-0591-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0.
b4d37927706ed52b6f88aeba09a8fe9f5e48bb1850ac0233b2fc350696bfd23f
Debian Linux Security Advisory 3541-1 - High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.
e23b46e4ad95b874f9e497641a751002dc3c31cf66a6ab1d5fcf9d9b56be8bf7
Gentoo Linux Security Advisory 201604-3 - Multiple vulnerabilities have been found in Xen, the worst of which causes a Denial of Service. Versions less than 4.6.0-r9 are affected.
a7e9bd9d6342dd146c7a64ee40be706e83549d090ba7149e7ac964a6280a8109
Red Hat Security Advisory 2016-0601-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash.
932038321dd0b89f4e08ede9ca33a95b9d44f53d2a5e3bb5d5f2bf80334fd5d7
Slackware Security Advisory - New subversion packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
d07b7f92a7fee24f280aee13f62ed578e757644b36f2aded17031c4d2ee6e33e
Ubuntu Security Notice 2947-1 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
1589a71a5392734b1ae81742ea08c3d1505de7730a5f381c44076a2fbb5cda36
Ubuntu Security Notice 2946-2 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
0038e1460e63ff5cc6aaf80a71168ed50dafde78ce37b3363aa006a996681a76
Ubuntu Security Notice 2949-1 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
0400bb0d8a6dc0fa5b0e9e74b415c869ca8984e6ffeaccdb1937b1486387cb3a
Ubuntu Security Notice 2948-1 - Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Various other issues were also addressed.
f3cae25b14e5e6dc21f92189550892543b26dc0cb3d6486d3fef87657d9a3007
Ubuntu Security Notice 2947-3 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
8e332a027893fa2b8bfdfdd28766726d47bc3892017b1859881263fdd0532d37
Ubuntu Security Notice 2946-1 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
c6cb3ff3dd5bc15eed99776afa7a96f21344d3b8675e42dfbe88b47003dcedc5
Ubuntu Security Notice 2947-2 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
a1cd9bf0ef18c2c6d6e9125dc56451016c28dacccc9581b62fb421f6ee77a750
HP Security Bulletin HPSBGN03569 1 - Potential security vulnerabilities have been identified in the server running HP OneView for VMware vCenter (OV4VC) version 7.8.1 or earlier. The vulnerabilities may lead to remote disclosure of information. Revision 1 of this advisory.
ba96f809d6edd6493b69b5512fafd074d2553430432ef066408a44fa3cf3e38b
Red Hat Security Advisory 2016-0594-01 - Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2.
8245e814f0ff3ac5cb5d50adb975b1e87e9aa2734b464dc080a69a685a6503bf
Red Hat Security Advisory 2016-0599-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.6, and includes bug fixes and enhancements.
140782db309e3d0cc3202efce5773f9a61f7e69973fb793ec750d5ed96c88287
Red Hat Security Advisory 2016-0598-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.7.
111a67270d9143c214508566b1b9db46e1080ebb465b5a5788f63b438ed313dc
Red Hat Security Advisory 2016-0595-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.6, and includes bug fixes and enhancements.
c0828c1c1f5306ea1cd4af9e6032c9249874f701dbe4bd8af9c0d7e8e3125c85
Red Hat Security Advisory 2016-0597-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.6, and includes bug fixes and enhancements.
1b6a6729380fbd810b6dd39e519d747cb6d3fd966ae08b5ed06c03494fe2b765
Red Hat Security Advisory 2016-0596-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.6, and includes bug fixes and enhancements.
f092125120269b1db2bd7ba601b60cfeb37921d28d5a686ef7e4886115652a7d
Debian Linux Security Advisory 3543-1 - Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, software used to manage jobs and resources of HPC clusters, could result in privilege escalation.
3d4e747ce873655fa1b33966ae56aab54fece801f3af12f06bbeb07bea7f1367
Debian Linux Security Advisory 3542-1 - Several vulnerabilities have been discovered in Mercurial, a distributed version control system.
8a55233ac0ff62df88d422523f37a42a009f2e368698ed0a39f5c316eb14eec0