HPE Security Bulletin HPESBHF03744 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS). Revision 1 of this advisory.
99aeebea1c35a4f406782d080470c69bf66978ba45cc37f1440ba6f370c6f25f
Mantis Bug Tracker versions 1.3.10 and 2.3.0 suffer from a cross site request forgery vulnerability.
657f51bab66ce5d5cf6800d27e2f3bc584ea834cf9cbd98479d947434a3b0ead
Debian Linux Security Advisory 3858-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in privilege escalation, denial of service, newline injection in SMTP or use of insecure cryptography.
e8004e244bc9ba3237af6bccc9d6a3803da5f5860ae47f04632bea3d25f01406
Red Hat Security Advisory 2017-1262-01 - The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
9df768ffe02abc9c9d33d36f5d1cb57af1e669c292ca02824422babbe60dd117
Red Hat Security Advisory 2017-1263-01 - The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: It was found that due to the way rpcbind uses libtirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.
49d9acba01c695412d6018d26794d50acb5f77b1730e133e0169fa768d25b526
Red Hat Security Advisory 2017-1265-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
4098aa20948ce3f8ca4c274f5eed9f9ca798a1f08ce911aefc1cc64b5cf7492f
Red Hat Security Advisory 2017-1264-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix: A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application.
55b5ec56d5fdf924706e71ec4e094f503df4e61144152b03ddfde919983c2a85
This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges. The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one at ~/.asoundrc. libasound is not designed to run in a setuid context and deliberately permits loading arbitrary shared libraries via dlopen().
4f6b3ffb38593e545a6d2b121f82db2cd943284427086d0cf851e6f78aa712bf
Atlassian SourceTree versions 2.5c and below suffer from a command injection vulnerability. This advisory gives a ridiculously small amount of information regarding the issue itself.
e2a767420fa68c4a02c5ef67ce359c7a39caef6bd52157da4e47059779e79f74
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
1d0696f6d29b1273f17be4301f1c7f0214c4b515f9206ae19050d360010d08ba
Asterisk version 14.4.0 with chan_skinny enabled suffers from a memory exhaustion vulnerability that can lead to a denial of service vulnerability.
f873e04bcb0eecc9597ab97c172b350143d8b4bc7a90a33fabc8192c71a4c519
Asterisk version 14.4.0 running chan_pjsip with PJSIP version 2.6 suffers from a denial of service vulnerability.
26735dd3956e23cd86d3bfd7f09cf45b7e07e2f91f84b5f91c48da4e3976b767
Asterisk version 14.4.0 with PJSIP version 2.6 suffers from a heap overflow vulnerability in CSEQ header parsing.
96d2411683190b99bf76dad788720f5b886c567643bf4124f892badaecf39a31
VMWare Horizon client version 5.4 suffers from a dll hijacking vulnerability.
05cb35186f2e5f6b2221c1ab68f277a67270ad790351e64db88411655e075325
HP SimplePass versions 8.00.49, 8.00.57, and 8.01.46 suffers from a local privilege escalation vulnerability.
ed0ba43506d010e8c28aee71c085c7b2aa863c572c95d00e7bb69bb5b2d1abdb