RSA Authentication Manager 8.2 SP1 Patch 2 contains a fix for a brute force PIN-guessing vulnerability. This Self-Service Console vulnerability could potentially be exploited by malicious users and would impact a victim's ability to access protected resources. It requires that the victim's Self-Service Console credentials were compromised.
77aa2d399d4cb516fc5ff38029d6ead28e25e859e723af948bdbc87aeb25d0fe
EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R for SAS Solution Packs contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.
e6415f53d783cf4db0e45411c0e289224a93bbb7336828a9a2b204e38467e23e
Red Hat Security Advisory 2017-1739-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Security Fix: A cross-site scripting flaw was discovered in the OpenStack dashboard which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.
e18207687de7f35cadfe4c6e890cdbe4b2626ac0b5f418ff6563f33d68af607f
iSmartAlarm Backend suffers from a server-side request forgery vulnerability.
da804f19d05a661b73dd051be5f3a1581b11b2858fec1fe0e6c21ddf2edf9c84
iSmartAlarm CubeOne fails to validate the server-side SSL certificate.
6f8db5b3ece4e1e602b85d195adbc5b0e5b4dbdf942a6229d0ec3960d6e2bdde
A missing anchor in generated regex for rack-cors versions prior to 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
9e2393521935f0c2d55d8bbcb87e105d1c088b74bf965cd2698351eafce20ff4
AGFEO Smart Home ES 5xx / 6xx versions 1.9b and 1.10 suffer from authentication bypass, cross site scripting, and hard-coded private key vulnerabilities.
b2200472eb599e2f158bdd515a5c8503aba40b07de1704b509cb4ab9af230c5d
Red Hat Security Advisory 2017-1731-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.137. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
47f596bc7cb8b676a218eaad3de2cb4954dcc684d71f83033193a1d46a52a6a8
IBM Informix DB-Access utility is vulnerable to a stack-based buffer overflow caused by improper bounds checking, which could allow an attacker to execute arbitrary code. The vulnerability is triggered by providing an overly long file parameter value inside a LOAD statement, which is used to insert data from an operating-system file into an existing table or view. Version 12.10 is affected.
7242df27de9624e0c0b57ed3ef055069c110005a841ad63815fe50406c581c74
ObjectPlanet Opinio versions 7.6.3 and below suffer from a cross site scripting vulnerability.
1ec0215ae742091f21c37eeb17032a074dc5191ea8941b52c6a34d5e36556cda
Red Hat Security Advisory 2017-1721-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.
501f1a9e83c4d2a57f85a6319ff08f4cb39c3fe24d17c131138eb29c3b23deb5
Red Hat Security Advisory 2017-1715-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
62efaa9fb5dc8f8fb6a0946ee053ae58a6deca0ba51a9b5cb405c0f101600a45
Red Hat Security Advisory 2017-1723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
0dc240c457b2a7a130cf637c2ed5bdf468bb619dfe9e8b60997711285085985d
DataTaker DT80 dEX version 1.50.012 suffers from an information disclosure vulnerability.
048568e8d903730e1c7a71509f06b027e564960e8dac311671ebcf6ca565d868
VMware Horizon's macOS client versions prior to 4.5 suffer from a code injection vulnerability.
f66d718ae51d75bdcc8a8fa9026bde7c7516f85ea2777a8579d4c319165f6016
RaidenHTTPD version 2.0.44 suffers from a cross site scripting vulnerability via the user-agent header.
4e5fb1d12824277e2c16c01b1e20fc64700a011ff335cb5fd70e538478517c43
When handling an XFRM_MSG_MIGRATE message, the xfrm_migrate function does not check the dir value of xfrm_userpolicy_id. This causes an out-of-bounds access to net->xfrm.policy_bydst in the policy_hash_direct function and others when the dir value exceeds XFRM_POLICY_MAX. Linux kernel versions 4.12 and below are affected.
b19c3f5d900e2c98a719a1ba12c9f79494c5c8cd41263ce11198720a5851bd92
This Microsoft bulletin summary lists multiple CVEs that have undergone a major revision increment.
e9765dadc7ef22691f545d5d5ec8511307562284cfbd01acee88de6e21d6a058
This bulletin summary lists 64 released Microsoft security bulletins for July, 2017.
7bf2ccfe213585733efeeea542eb9ffafdbfcf2e4c3f9c1f928062288579f4f5