HPE Security Bulletin HPESBHF03787 1 - Security vulnerabilities in HPE Intelligent Management Center (iMC) PLAT products could be exploited to allow Remote Code Execution. Revision 1 of this advisory.
048e7f04fe21a1795eaf32f8f6ee39d0f93b37113dd2f0fee5a796d0399b2d3e
Sync Breeze version 10.1.16 is vulnerable to a buffer overflow, which can be exploited remotely or locally to achieve arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" path of the application.
59c9d2495edf8a0486ff788f422643c727583429a515dece3fc0fe22ccb5eba7
The vApp Manager which is embedded in EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, and EMC VMAX Embedded Management (eManagement) contains an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. Affected products include EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).
f18d4b791aa5ab38928fc5023efe3fe370686f782ff9192339e3ecd5d208f81a
EMC AppSync contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 3.5.0.1 are affected.
adb832e1561d998886665033dc9667b3881bbb1e7c69d63f3a0d223e4e111d17
Red Hat Security Advisory 2017-3086-01 - Red Hat Proxy "Stand-Alone": Systems registered as clients to RHN via a Red Hat Satellite Proxy server are no longer a Red Hat supported deployment, and will no longer function as required.
0074a732069a5fbbd377da2677e8f112b44506bc1d2c5f1b8cb1b2762f037939
Ubuntu Security Notice 3468-2 - USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
47d0cfd351854611999665f04a62bff5bebaaf70ccb7778a12e28834ed22be13
Ubuntu Security Notice 3468-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4351d0ac9d461f5f4d4e71ae65bcadc5bdb1901c5bd483b113516c2bb33b787a
Ubuntu Security Notice 3469-1 - Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service. Various other issues were also addressed.
04cc3e67a19f3ee8637e2800765e1cf7c138d3aee0e7534753e7272826f5de09
Ubuntu Security Notice 3470-1 - Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
79802aa159a36b07a77681f62d34e9d9160b1f7e1046cae1a8af43715e35697b
Ubuntu Security Notice 3469-2 - USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Various other issues were also addressed.
2581cae25d586f8b72eaa828c6ca5f97ec0fd29b3967bf2e5a8351f98d807994
Ubuntu Security Notice 3468-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service. It was discovered that the Flash-Friendly File System implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b0c7e1f5657c8f1a680373d7595b40ecf55695e2aab91e40342187daa8027ff6
WordPress User Login History plugin version 1.5.2 suffers from a cross site scripting vulnerability.
6c3febf1993c19f0a16505de24832a566c3f18364d14acf384da90a87c23b22d
Progea Movicon versions 11.5.1181 and below suffer from search path related vulnerabilities.
3c27f46c9c35863630e0bcb760272da150ea550494090d47a78f9257d279eb07
SpiderControl SCADA Web Server versions 2.02.0007 and below suffer from an improper privilege management vulnerability.
2378a84eb198ed39fc681076b39d9def7c87bcb0b99d8a1c1eeae425ed47ed97
JanTek JTC-200 RS232-NET Connector suffers from cross site request forgery and missing authentication vulnerabilities.
c7609342cf2c7e5053c6d7835d18f3713bed53c9a2e04ffdb132de5d57800d31