Debian Linux Security Advisory 4283-1 - It was discovered that ruby-json-jwt, a Ruby implementation of JSON web tokens, performed insufficient validation of GCM auth tags.
Debian Linux Security Advisory 4282-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, cache poisoning or information disclosure.
CA Technologies Support is alerting customers to multiple potential risks with CA PPM (formerly CA Clarity PPM). Multiple vulnerabilities exist that can allow an attacker to conduct a variety of attacks. The first vulnerability has a medium risk rating and concerns an SSL password being stored in plain text, which can allow an attacker to access sensitive information. The second vulnerability has a high risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to access sensitive information. The third vulnerability has a high risk rating and concerns two parameters that fail to properly sanitize input, which can allow a remote attacker to execute SQL injection attacks. The fourth vulnerability has a high risk rating and concerns improper input validation by the gridExcelExport functionality, which can allow a remote attacker to execute reflected cross-site scripting attacks. The fifth vulnerability has a medium risk rating and concerns an XML external entity vulnerability in the XOG functionality, which can allow a remote attacker to conduct server side request forgery attacks.
This whitepaper analyzes a privilege escalation vulnerability in the Microsoft .NET framework as noted in MS15-118.
Admidio version 3.3.5 suffers from a cross site request forgery vulnerability.
D-Link DIR-615 suffers from a denial of service vulnerability.
Online Quiz Maker version 1.0 suffers from a remote SQL injection vulnerability.
Trend Micro Virtual Mobile Infrastructure version 5.5.1336 suffers from a denial of service vulnerability.
Wikipedia version 12.0 suffers from a denial of service vulnerability.
Android Dexdump, tested on Nexus 4 with Android 5.1.1, was found to have a buffer overflow vulnerability.
Microsoft Windows Explorer suffers from an out-of-bounds read denial of service vulnerability.
Symantec Mobile Encryption for iPhone version 2.1.0 suffers from a denial of service vulnerability.
OwlChat version 2.0 suffers from a remote shell upload vulnerability.
Visual Ping version 0.8.0.0 suffers from a denial of service vulnerability.
VSAXESS version 2.6.2.70 build 20171226_053 suffers from a Nickname field denial of service vulnerability.