Cisco Prime Infrastructure versions 1.1 through 3.1.6 suffer from cross site scripting, XML external entity injection, file disclosure, and remote SQL injection vulnerabilities.
b99dc34bb1d4f4d0e0a2ab8dce19e42ad7671744eb78f870180c5ae19b9036d4
Gentoo Linux Security Advisory 201706-21 - A cache-related side channel vulnerability was found in nettle which might allow an attacker to obtain sensitive information. Versions less than 3.2-r1 are affected.
885f8056e74c9f6d0aea60f7ffb6818f90255f732b0dca76c25821d89e332ea7
Ubuntu Security Notice 3339-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
18a5c77511e3ae26a7bfae4c9431f20c33fd11ad212e06d8a50e2ce03e855ef6
Gentoo Linux Security Advisory 201706-23 - Multiple vulnerabilities have been found in Urban Terror, the worst of which allows for the remote execution of arbitrary code. Versions less than 4.3.2_p20170426 are affected.
e1ed8d30f0b392a1b39ea2791603589dc1bacab5b9a9bad5fe16c9d56300d144
Debian Linux Security Advisory 3893-1 - Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.
28082ecdfc7d36bb6974d4fcffa80e9eb082a40d15bb94895c823b3093fce120
Gentoo Linux Security Advisory 201706-22 - Multiple vulnerabilities have been found in libksba which might allow remote attackers to obtain sensitive information or crash a libksba-based application. Versions less than 1.3.5 are affected.
f717957a45f386a5d1d062f4a0d6afa0418d93d4ed68c5e2798e295d74c1e808
SimpleRisk version 20170416-001 suffers from multiple cross site scripting vulnerabilities.
185793b5e9bee825f996a6b8ad2ee15810c93daf522839010e61028a0b19ee14
Blackcat CMS version 1.2 suffers from a cross site scripting vulnerability.
b32dbbbd0271e599972b72c1d838af3a9cc1e37a4dd2a35467665c4439f7a4d9
Slackware Security Advisory - New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
c04ff34949106c7176237631c19551e85574da73ed1e5bfb2c4088214d52c98e
It was discovered that the stack guard page for processes in the Linux kernel was not large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges.
f95f04e7b1184d8df724d4c1d6507362007db3395f5fc92d7f1ed879378408ed
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
76e508157a2a4426a871dd1183e883f9791207520c5181f01c455d9c5cf75447
Linux kernel versions 4.10.1 and below suffer from a double-fetch vulnerability.
e993cf26337580ded575061e05ee16fc9ae344af4931da27d81257931665f919
PayPal's Marketing Online Service suffers from a user enumeration vulnerability.
3b9d6da3d56b420c72cb039b0e514df991593571415770fe4e47632a5f86ee67
Vaadin version 7.7.6 suffers from a cross site scripting vulnerability.
c2d454207537c8783dd2bf507a0621ed37a1bef95a52153b85ab19a838270501
OffensiveCon Berlin 2018 has announced its call for papers. It will take place February 16th through the 17th, 2018 in Berlin, Germany.
0734f5a2d9d993b6f23fe89feb6b2b14698968397dad9204e4ca135ef85e4e4b