Ubuntu Security Notice 3435-2 - USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. Various other issues were also addressed.
e4329dc59b5c975dbfaeabc519833561b7137ab8b8b4f63d158d784f6215af26The Call For Papers for nullcon Goa 2018 is now open. It's the time of the year when they welcome research done by the community as paper submissions for nullcon. So, sip your coffee, dust your debuggers, fire your tools, challenge your grey cells and shoot them an email. It will take place March 2nd through the 3rd, 2018 in Goa, India.
b8bf53ca2348a3ba0b6a7f6a79f4770e53dee05c163b905a9ebeb692de6166bfUnitrends UEB version 9.1 suffers from authentication bypass and remote command execution vulnerabilities.
dc78b0fa80eae08212c73ef783d41166b3faa9276eaa480864465d043a22739aRed Hat Security Advisory 2017-2858-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
e1751858f2654a30e58a89f135fc7f0a4a103cd6fbfb2d44571d6962a18d585fDuring a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator account takeover, putting the website customers and their payment information at risk. This is a second advisory from DefenseCode for the same software and vulnerabilities. Versions affected include Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to 1.14.3.6, Magento 2.0 prior to 2.0.16, and Magento 2.1 prior to 2.1.9.
8d86ea8e9eb75bb36c388fcd274b7cd6fb4431c98f0098e80d1cb745bb4f4af9Unitrends UEB version 9.1 suffers from a privilege escalation vulnerability.
5e34110454ce1173b51f2831389e35dc0b6b2e68f613b44d1cccff58bd1e3048This Microsoft bulletin summary lists a CVE that has undergone a major revision increment.
c22e2e8a2a8a210b33f61e30441de9ab77fe4d98567df86397d83a07cd941b78This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723Netgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.
b8d3a063ba3bd0344ed7822ba4e9550c9ff3a801bd5d1a0414ce83b2fc913254WordPress Smush Image plugin version 2.7.4.1 suffers from a directory traversal vulnerability.
21db7b5485a4de9d8322d67427bf0278edc32447bfb7c5844a7851f081d16ba2DiskBoss Enterprise version 8.4.16 suffers from a local buffer overflow vulnerability.
d31cd4e67cca649797128b20d0b177cf1f83d9367ecdd996dbd04d5f317b2ff8ClipBucket version 2.8.3 suffers from a remote code execution vulnerability.
f2d101c1868f5bf135c5889d537000610c831cd9ebaa72664d14c6d9b33aa667Fiberhome AN5506-05-F suffers from a command injection vulnerability.
eb47d8c931a37c1ccb36a6d9bc6077b07801c2488864fe638ed9eb160bc65124EPESI version 1.8.2 revision 20170830 suffers from a cross site scripting vulnerability.
937ef0c704e74cecbbb5739db1f0a20572434be5e5cf0868d7b84ac45578fabeApache Tomcat versions prior to 9.0.1 (Beta), 8.5.23, 8.0.47, and 7.0.8 suffer from a jsp upload bypass vulnerability that allows for remote code execution.
7ffd01777edabd0ba5fd2741571567ed01b09949bb47a6972df8972e43c81251
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed