haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
f77d9adbdf421b61601fa29faa9ce3b479d910f73c66b9e364ba8642ccbfbe70
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
dcfecaf6c83e4933fc64d1fc7de757768d8f250762c08bbfa07c241fa6f2193b
Red Hat Security Advisory 2017-3247-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
8e16534b09b23a33b0a419c297e51028a2923401e71e964c16ebcc9a5811ec77
This Microsoft bulletin summary holds information regarding an update to ADV170012.
08c4a2c9ecb5b2d26b2386992433d631938f57d58ae0cfa7196f221c029e02de
Cisco Umbrella virtual appliance versions 2.1.0 and below contain undocumented hardcoded credentials which could allow an attacker to access the hypervisor console and provide persistent and unrestricted access to the virtual appliance.
b75df23092926396b8f5b75ae10c72733fe4fc796acb74fe704cb7c3477edf0e
Google Chrome versions prior to 62 universal cross site scripting proof of concept exploit.
730a2b5fb402371611e42fcfe25b060a6438fd9f57dbd7263de1964334b1a7cc
VXSearch version 10.2.14 local SEH buffer overflow exploit that binds a shell to port 1337.
78167a68357a09d5d18a1d5da9c83a989c6a6d51e521078b35a9c0f582437a65
Progress Sitefinity versions 10.0 and 10.1 suffer from broken access control and LINQ injection vulnerabilities.
3b9ede0ed34ccec1a3785d53427af9ee98ed5e43eb4328b53908fb90a5292e5c
FreeBSD Security Advisory - Not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack of the thread is possible from the debugger. Some bytes from the kernel stack of the thread can be observed in userspace by using the ptrace(PT_LWPINFO) call.
533301518e00c3f677f362cc8de2e076480df8e74a46065791d33281d67d52f2
D-Link DCS-936L suffers from a cross site request forgery vulnerability.
3251127ae5772aece5a596f9ae632c7495567ca8b9aa2dec93bb0433d7ca5898
Dell Active Roles versions 7.1, 7.0.4, 7.0.3, 7.0.2, and 7.0 suffer from an unquoted service path privilege escalation vulnerability.
07a00566104c4227a3ed1dab9176a2272fdf66ccdbc0cd002a9eab7ce0cd87a2
phpMyFAQ version 2.9.9 suffers from an issue where an administrative account can execute arbitrary code on the server by modifying LANG_CONF[main.metaDescription].
a6d03297b6d015d54d53b8b82104789e4468707199c9c312ad5200a4beca9306
Red Hat Security Advisory 2017-3240-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
9ece2803c2591e72b00995bee6a9207f1fc1a788275558bc426859472b8646ba
Red Hat Security Advisory 2017-3239-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
8c237943c4ac9a76f526c8ffc99d75cff7c3ccc83117866ca934cb993d17f871
Ubuntu Security Notice 3482-1 - It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain ISAKMP fragments. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service.
0032e096722d8785f5d0dee9824dd9f5eeb2514161d52014e052642ceff906de
Ubuntu Security Notice 3477-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the address bar, or execute arbitrary code. Various other issues were also addressed.
84991dce94f63fa4afac41edc8d77c29b37c17f84c726d1811a0aa0654b71910
Ubuntu Security Notice 3481-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4ca3dfea2b95eda878b51f45506e3e903872a43ea288028be7c39b16f583ce11
Red Hat Security Advisory 2017-3244-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.1 serves as a replacement for Red Hat JBoss Data Grid 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent POST requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.
5af80a8b5ac307329447f99ab4502bafe5e71b9a6b60854fc9bd8b379758e3e3
Red Hat Security Advisory 2017-3227-01 - openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry or Time-Series-Database-as-a-Service. Security Fix: A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user.
f243e1e08e1d116befbb2a5b0d7877606b49e91c887f446d992a6573a7c0afc9