Slackware Security Advisory - New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
cb27d12d25dde94c7fcb4078e7f623a71aba876dceb4186dc9c85f194dc92021
Red Hat Security Advisory 2017-2863-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Kernel memory corruption due to a buffer overflow was found in the brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
b5d36abd11e4b419b90113b2ed47a5cc04c205be0ed8a375cf6ddc28816b390a
Ubuntu Security Notice 3439-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. Yusuke Endoh discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a denial of service. Various other issues were also addressed.
8c6c4c94983dabc75dd50c50d1082bfaba6b7926affc9a8903806ee12dcbfb72
Red Hat Security Advisory 2017-2860-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
6d56e55b488b26d17886c954bb94e94e3b3af4cd7d29690997652965cf565de0
Ubuntu Security Notice 3438-1 - It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in module names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell by default.
e32a2ebe0546242c52b87064dfcd052606941a2550f69c17e41fd7203c101d6f
Lansweeper version 6.0.0.63 suffers from a cross site scripting vulnerability.
4b22abdddc1c837b9570e576fea285a43af05467d3f4ec06042d5ab9f5b354b9
Apple Security Advisory 2017-10-05-1 - macOS High Sierra 10.13 Supplemental Update is now available and addresses a password hint issue and keychain extraction vulnerabilities.
ba18157b0ddad8def7a6b9f8b593aefe7b6bf640e60a4ebe23e2efed83ae9885
Unitrends UEB version 9.1 bpserverd remote command execution exploit.
82f1bd41a9b91ff7fcf43dabc0f2e01ae63a3f65d7f2de5cd8bcbb8efd53673b
SmartBear SoapUI version 5.3.0 suffers from a remote code execution vulnerability via deserialization.
4cf0e4fc81ad8154903c5779e00dbb3afa5e22cf4b62e8c9face65c732b1a970
During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
4d32bf78790a47b612f73e6f5369bdb54efc47178d31a6a5c2caee2287e9d34f
UCOPIA Wireless Appliance versions 5.1 and below suffer from a captive portal remote root code execution vulnerability.
ae7e8abc8f16b10dadca2659c059cf8776f3ea99ee39848e71339f94e098c220