Ubuntu Security Notice 3261-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
59e4c93cf0110c0dfbf04c8437a5671ce02bce5e5d84b925280c13d41fc38a3b
The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.
b97c1f2af9252a37cfcaefbd0f9425ff1c4e40ba1332f9a406279cdaac8df4db
Safari suffers from an out-of-bounds memcpy in Array.concat that can lead to memory corruption.
6db1ba6357b6b2691d74c0fe51123d940627a490bc8ab5b483b0f2bce87edc4d
Oracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability.
81aa80e8e24be6f11845f3fa0201b4cd2ffe96706536ef956f09b8e1e3273132
Oracle E-Business Suite version 12.2.3 suffers from a remote SQL injection vulnerability.
fdf11a3dbf17bfa298933d15dd12fc9860d85cbb06c02b150b5ba4663131b3fa
Oracle PeopleSoft HCM version 9.2 on PeopleTools version 8.55 suffers from an XML external entity injection vulnerability.
6363b44c5b3ced6660487c0a4fe15d05600db5204a0187bd979e6984d878d6d5
Microsoft Windows IFEO Winlogin SYSTEM backdooring exploit.
1fc463280ed7deb7ca3c298d64a41c7d6fa69fba4c36a4d6a020e8902bc1b58f
Final call for the third annual Hack In The Box (HITB) GSEC conference in Singapore. HITB GSEC is a 2-day deep knowledge security conference where attendees get to vote on the final agenda of talks and and to meet with the speakers they voted for.
85d61afc8c13b8580a663c330c843f7ac599313b9049451e804b39ca62cf0a0a
October CMS version 1.0.412 suffers from access bypass, cross site scripting, code execution, and remote shell upload vulnerabilities.
f133ae1a00c61dc5828a8d5a4a01eaa1cff8d008fd292fc06836a939242285de
Red Hat Security Advisory 2017-1105-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
750af2cfd7077f5aa560bd12ea85be9ce9139025ffa43ec631dfd047484d2561
Debian Linux Security Advisory 3831-1 - Multiple security issues have been found in the Mozilla Firefox web overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
9f8afcaa8534d688f0dd1dd3c0d064eef7b1fcae026986da712b8b6b03fe1800
Red Hat Security Advisory 2017-1104-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
9350a027ac8628e3af82814a68c801c0d7e4f4e003b6f5c9e5bdf5490ce62adc
Red Hat Security Advisory 2017-1103-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
8879a424bb1c3928b3b4f7e204a7098732401cbad6c42ca0fc9c718c5bf6c221
Red Hat Security Advisory 2017-1102-01 - The nss-util packages provide utilities for use with the Network Security Services libraries. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
c7f230b0e58e5d451f7aa479cc74be262fbf2586e9cbac99fa85bbfd783237d0
Red Hat Security Advisory 2017-1101-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
204e849c347141be42c022cef5fff520849da9d78fcb1d02c4964d1fc214cbdb
Red Hat Security Advisory 2017-1100-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer upstream version: nss, nss-util. Multiple security issues have been addressed.
16fa2b2d78a669af78b0ace268f81e3cdcfdd64198ae4f91dbb9192f2b5545a1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
99b70cdb729b092207b71d1d88efce8610c32e7c46bc6d523820f386ee2b5ed3
The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to elevation of privilege from a normal user. Version 5.0.32 is affected.
354c5c8d7eae3710b64e963597225ed3690fa9c1db8f9c46391d756eae87a99d
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a session generation authentication bypass vulnerability.
f3d0c6f0cf0554ddc299fbc8d195e141b856a55387d41d3608fe3e2b833dc7a6
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi information disclosure vulnerability.
2b95ab05b45548336e8b0ff756872ed3b5e7c96533959277415f4b7a3ac66de3
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.
2d89facad03b2aadfc7a64dbc4b3ae3e700fb5257315bc07a0d5dac0b54f2211
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from an admin_sys_time.cgi remote code execution vulnerability.
831459424e49dfb11a51e3fc6d29ef5bb3f90982635cee4c7c276df9a15321c3
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a admin_sys_time.cgi remote code execution vulnerability.
02dd6778183ba369304416f10ca5430a4f57946435559276f6499b1f6ba9bc19
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a detected_potential_files.cgi remote code execution vulnerability.
af18e899701b6b216c1194a67c18ea309e695c0a68e877ab7bcce01d4ace48be
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a dlp_policy_upload.cgi remote code execution vulnerability.
31f371707b0de38f8698c711e7a95e5c8a9212e4a92c83d9717a9243315dde36