OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability.
8cb179fc0c44b36068a2fb1ea7d4c3cb44fce813eaf3de73953f10a2bfceac82
IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.
185ca326d2cd94de8b1329af37794cc1820633da437111c56654fc5ab4c827e5
PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.
a877061f0b6d62d2472442db37c2d5befc021bed71668051a5dc42fa2dc94d4e
Ubuntu Security Notice 3193-1 - It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.
c99d17b3cb1a2dada1c04033fbb63bba3e4fad5be7282f2c74817a38efe879fb
Red Hat Security Advisory 2017-0256-01 - QuickStart Cloud Installer is designed to drastically simplify the deployment experience of provisioning your private cloud infrastructure by orchestrating the installation workflow across different products. Instead of installing each product separately, QCI provides an intuitive, web-based graphical user interface to provision a fully functional cloud environment based on the combination of products selected by the user. Security Fix: It was found that several password fields in QCI failed to properly mask the password while it was being entered. An attacker with physical access or the ability to view the screen would be able to see the passwords as they are being entered, allowing them to later access accounts and services protected by those passwords.
90a8655a6f83725dc40b8f9c81c27557f74ec39c5147bf98ed5b387dc003d85d
HPE Security Bulletin HPESBUX03699 SSRT110304 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to cause multiple Denial of Service (DoS) conditions. Revision 1 of this advisory.
4974b51e04bbd38c78bbd5e625800c16ba179f3441f644b2d153bb4599487f1b
Questions and Answers Script version 2.0.0 suffers from a remote SQL injection vulnerability.
8daeb4975b605e321aca5026b011c5e55a914f85ebbc63f5891d7204628399c9
Ubuntu Security Notice 3192-1 - Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
ecc79a8400c481bb6a4ba233b597c5ac2df390712e0587e5c7d78454b95f39f8
Ubuntu Security Notice 3191-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
6a9ad9f78860c7c8393926f85e57df542778c6ae67a0c9dabc9778fd8af0574b
Red Hat Security Advisory 2017-0252-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service, which continuously adjusts system time, and utilities used to query and configure the ntpd service. Security Fix: It was found that when ntp is configured with rate limiting for all associations, the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.
e1bad53734e5d3bf7a50e7a4efe74c3ec410e5733fd4963d1997818ac1dd059f
Gentoo Linux Security Advisory 201702-2 - Multiple vulnerabilities have been found in RTMPDump, the worst of which could lead to arbitrary code execution. Versions less than 2.4_p20161210 are affected.
b5c502c26bd9816c054febb41de36acc73347b846ae8d28895edc4976323c149
Red Hat Security Advisory 2017-0253-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix: A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution.
3b05e371a8595c3a3a6ba71be3971ec45d371772de224a05c43bbab4abe10677
Debian Linux Security Advisory 3781-1 - Luc Lynx discovered that SVG Salamander, an SVG engine for Java, was susceptible to server-side request forgery.
8b00da1a2c1f8f08c6c0ef0212d683658eb30aa83ae3b8aad3bc0f9bb00f2844
POSNIC version 1.03 suffers from a remote shell upload vulnerability.
b0659cc1ef1702e8795081214734b821aa8dc6052f86b9ec6400a8635f7f89ef
The first annual Amsterdam Technical Colloquium (TC) has announced its call for speakers. It will take place in Amsterdam, Netherlands from April 25th through the 26th, 2017.
426cd8f55e9daff8e03361ab5a56838e2d6a0d251e007142000510588b5aa8ee
NewsBee CMS suffers from a remote SQL injection vulnerability.
eaaba667504693eaacaa8e46f660ec88f2feee056cd07d438c745b0e34485965
Teleopti WFM versions 7.1.0 and below suffer from information disclosure and access control vulnerabilities.
6df9b06f877e2194fd3f0328fcc2aa7b53ddb69793bcb8827f9d5a35176c8d68
Various ZoneMinder versions suffer from authentication bypass, cross site request forgery, cross site scripting, information disclosure, and file disclosure vulnerabilities.
f68406098b52c99e74b1f00852c84f5caac953bfa36f870cdd77222ec5580f4d