Ubuntu Security Notice 3365-1 - It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.
d9c893a22d5c169a8dba5385ae2f48c95bb57c3652df1066df59f1b32a5c6be2Red Hat Security Advisory 2017-1802-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.
1602567b2941f8a71630e044ec64baa8da301c97999fda6d0db02fe7640f5043Red Hat Security Advisory 2017-1801-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes.
4845740ebc70babce611a556483d39dc408012eba864ad9958098ff60f729ef5WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent cross site scripting vulnerability.
4bec006b5fad6a94eee0bf1455d92a57d34b82f396e075e2d5904f4c9e22ca8cWordPress Ultimate Affiliate Pro plugin versions 3.6 and below suffer from a persistent cross site scripting vulnerability.
a9c2e3fb171f2a557f1f414f1374b2510df0bfc6492dda53411b1e527d16565eSlackware Security Advisory - New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
0085d817491997788820058753207dda13af41c7ec99760e74a99abc8cc12c94Ubiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.
d949ab82fa820e019e252e34b09b9796b3377a6125992b6741bbffca256e68f7Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.
ee8734a3380cb25e9501ce4ed4a9ee0bd8e9edf795998ee4d8a0ad875a88622bIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. Various other issues were also addressed.
5ac8ab1044124a2f103555749966cf05ff7355548d25296503bbe9485eb0814cWebKit JSC suffers from incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform.
edbf79d7990323abaf4336e6c20ceed747d95e780f4b02cba2012766bb547326WebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.
4857989b812be535ca2a0333f4fc063225535c5a1fe5d4ed290ef1ed550fe158WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.
2c4791349359086c7adcb2d645742cfa4c6b35eba2831689924c2a562b2a4f62WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.
6f4055f8c47d2cd352507cfd33da6af6a1b23136f339db9715ff1454fc57d670WebKit suffers from a WebCore::AccessibilityRenderObject::handleAriaExpandedChanged use-after-free vulnerability.
98991424a644c47d5333233cabf4be78b0b7efb8db1eb885c5daeef0bfbfa1d2WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.
26accfef3c015e940fb5ee457cb6a29a72c381aeafaf3f15e41b5c7a42c7d015WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.
6eef1993e0cd62e0fad5f186f71640c1ddc0dd0940b55f1ad76e91e12504c088WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.
b0d62cf7ab42c752da7c6b95126b1b47b02f6705a61df1f00207db405ed0dcffWebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.
8fb09a6df3645a5bb6ae947a46e56826654f1c6c20cf3208f9247bd19743e887WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability.
f095b5aaa821ebc8b2b079ea176435f7ceb10452b75dab356e18e864136cf744WebKit JSC suffers from an ObjectPatternNode::appendEntry stack use-after-free.
33b5aee90d54dea0a033cb5bc2360e1678605183705f19824210b8a033b4dff6MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.
3ec6996dd81186f3e6b24b5054c626a66031e271872c3bff28c529d9fc080d1eWebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.
8d22ca5e10db1797b729dcfc5c2d6c3e3fe279ed1337004c773ea5f826eaebf4WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).
d3dc861b45ee21a79280a28a3f48b4c0af5d9e2ccf5aa78da8711387b3faf038WebKit JSC suffers from an uninitialized memory reference in arrayProtoFuncSplice.
ce1c4741e5611858900581d7df034b8e7542529547943c3348da1dbda9904227RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.
becde93c067e78ba68597a35f6d477408561832538f83bbfc9c5867a28459d85
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed