Debian Linux Security Advisory 3890-1 - Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.
d3b0a2661564a655646fd83de4dcfdd1f7291ccd7b17246a3ca2f3735cf09e06
Ubuntu Security Notice 3338-1 - It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service or execute arbitrary code with administrative privileges. Various other issues were also addressed.
652aa8cb5ead97eef35be1bc0b0ca6db11e226fedaf3729f823ae1919d9b0983
Ubuntu Security Notice 3335-2 - USN-3335-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges Various other issues were also addressed.
1c33f5d44a14e69e5032c978bc430b7b99ada6ca5b272c9e9ca1f553dfe38e87
Ubuntu Security Notice 3336-1 - It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service.
87a10d1a6596140376bd51b697cd26f1c93ce8377ca267a8940ec919fe60e175
Ubuntu Security Notice 3337-1 - It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service. Various other issues were also addressed.
e6c74709da754ef4d68aa49426add68eaab64a9d7bccbf2cec70f93a55f14b37
Red Hat Security Advisory 2017-1558-01 - Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or other client systems. Security Fix: A cross-site scripting flaw was found in how the failed action entry is processed in Satellite 5. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.
f474229ebd1019436c6d96172292348fa67e7ab7f3fa98f5e4b35c7e2f1a7cd8
Red Hat Security Advisory 2017-1567-01 - Red Hat Container Development Kit is a platform for developing containerized applicationsaaait is a set of tools that enables developers to quickly and easily set up an environment for developing and testing containerized applications on the Red Hat Enterprise Linux platform. With this update, Container Development Kit has been updated to 3.0.0-2, which includes an updated Red Hat Enterprise Linux ISO that contains fixes for the following security issues. Multiple security issues have been addressed.
a44f757946233e3a364bd96604e6658ea5f5335e5e0f8ec459d87aed6e053f59
Red Hat Security Advisory 2017-1561-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
502ad26d007c53fa4eb41c7d2c2e6e3149dbaeb0df72f833d10b786f83e62751
Sitecore versions 7.1 and 7.2 suffer from a cross site scripting vulnerability.
7cb804096789262362d1b2e7085815278e8c60bda09cf8641faa39c272e28205
This Microsoft bulletin summary lists many CVEs that have undergone a major revision increment.
319f129f72880daf729fa0c2761541421d1e20100a405cb2c6d871449553c09c
EMC Isilon OneFS is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 7.1.x, 7.2.0 through 7.2.1.4, 8.0.0 through 8.0.0.3, and 8.0.1.0.
3bfca004cf67807c5ac9d6b5dff8c4a178b1f8699f760613c830de6d1631f379
EMC Avamar suffers from authentication bypass and remote file upload vulnerabilities.
7e89b48fe4f81cba31f75621518071ad79aa069b0533deee9712baf2abee8429
WordPress Download Manager plugin versions 2.9.46 and 2.9.51 suffer from a cross site scripting vulnerability.
9de753843f33ce3f2dc9d5d13e262f6df0bb99ce7db35001b0177d5ed23072d8
WordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability.
2e48b2bcd6a9011319d2820c216c197e008cdd23983c64c58a88c29df02fc36b
It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For unknown reasons, whoever fixed the bug did not report this to upstream unrar, and the bug seems to have persisted there to this day.
3b8acd8becd11c0b8cca739d5aa19f140cbee2a41f1ddb62a46f97e63d344ea2
Bitdefender AV crashes when fed malicious RAR files from 2013.
4caf1f040e3e33d6970a65f2cf9a0e578182d36dbed0cc6388947a286ae01457
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationWorkerFactory (WorkerFactoryBasicInformation).
8640de8913ad18d001d4ce85d7df076bb0c01b500bd2537ba2946961cbb49999
The Microsoft Windows kernel suffers from an ATMFD.DLL out-of-bounds read vulnerability via a malformed Name INDEX in the CFF table.
a21fad8c3cb205d4714174fdb1b13075f47dfb5639a4cd14a715e1e83f945c18
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationResourceManager (information class 0).
6f83a7e9f97c7308a2e6094f5d2727a7e3be211ff7552afafb0056dfae675dc4
Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlReverseChainingLookup::apply.
be7fa96c387b2997b7b82606d8a4c2cada52908fcb4a818666cf5df429c14b22
Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlValueRecord::adjustPos.
f9896fa3eb41012f8820a74bd403a8acde8a7832ac07ec863810cca161c5eecb
Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!otlSinglePosLookup::getCoverageTable.
77094d2610c9aa8236ab477f043f6c4a1eb4a28b6fe581cf95b86f0738b3269d
Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!NextCharInLiga.
b305f68a67213890e4773eee3eb6c9f21ac9c97da9b5ecf5ca99a0309abc8272
Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!CreateIndexTable.
2ea28f694f6036fc0bfdecb1286f1d6097f8970d0a0c9f6846a3fb287c9281da
Microsoft Windows suffers from a Uniscribe font processing out-of-bounds memory read vulnerability in USP10!SubstituteNtoM.
5d4367e924b041d433fd9c255f4b18605cc555ec79a4482938bdf3a51448b386