474 matches found

Broadcom
added 2017/08/25 12:00 a.m. · 7 views

BSA-2017-411

Security Advisory ID: BSA-2017-411. Component: Java. Revision: 2.0: Interim. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...

CVSS 9.6 · AI score 6.4 · EPSS 0.02415
Exploits: 0

OSV
added 2017/08/04 3:29 p.m. · 2 views

UBUNTU-CVE-2017-12453

The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file...

CVSS 7.8 · AI score 6.8 · EPSS 0.01493
Exploits: 0 · References: 4

CNVD
added 2017/08/01 12:00 a.m. · 1 view

Oracle iStore Remote Vulnerability (CNVD-2017-27301)

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. Oracle iStore is one of the ability to allow merchant...

CVSS 4.3 · AI score 5 · EPSS 0.01401
Exploits: 0 · References: 1

RedHat Linux
added 2017/07/31 2:32 p.m. · 7 views

chromium-browser: use after free in v8

A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

CVSS 8.8 · AI score 7.4 · EPSS 0.15513
Exploits: 0 · References: 5

OSV
added 2017/07/19 12:00 a.m. · 1 view

UBUNTU-CVE-2017-3650

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attack...

CVSS 3.7 · AI score 6.6 · EPSS 0.02152
Exploits: 0 · References: 4

OSV
added 2017/05/29 6:29 p.m. · 4 views

CVE-2017-9295

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files...

CVSS 6.5 · AI score 5.9 · EPSS 0.01054
Exploits: 0 · References: 2

CNVD
added 2017/04/27 12:00 a.m. · 5 views

SNMP Protocol Community String Authentication Privilege Bypass Vulnerability in Some Vendor Devices

SNMP is a network management standard based on the TCP/IP protocol family and is a standard protocol for managing network nodes such as servers, workstations, routers, switches, etc. in an IP network. SNMP protocol community strings of some vendors' devices have authentication privilege bypass...

CVSS 9.1 · AI score 7.5 · EPSS 0.17397
Exploits: 3 · References: 1

CNVD
added 2017/04/27 12:00 a.m. · 3 views

MODX Revolution Directory Traversal Vulnerability (CNVD-2017-06899)

MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A directory traversal vulnerability exists in MODX Revolution version 2.5.7. The vulnerability arises du...

CVSS 5.3 · AI score 6.7 · EPSS 0.02654
Exploits: 0 · References: 1

OSV
added 2017/04/24 7:59 p.m. · 1 view

CVE-2017-3490

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vulnerability allows low privileged attacker...

CVSS 3.1 · AI score 5.8 · EPSS 0.01015
Exploits: 0 · References: 3

Positive Technologies
added 2017/04/24 12:00 a.m. · 6 views

PT-2017-7165 · D Link · Dvg-N5402Sp

Name of the Vulnerable Software and Affected Versions: D-Link DVG-N5402SP versions W1000CN-00 through W2000EN-00. Description: A directory traversal issue allows remote attackers to read sensitive information by utilizing a .. (dot dot) in the errorpage parameter. Recommendations: For D-Link...

CVSS 7.5 · AI score 7.4 · EPSS 0.45479
Exploits: 5 · References: 4

OSV
added 2017/04/14 4:59 p.m. · 3 views

CVE-2016-8926

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539...

CVSS 4.3 · AI score 5.8 · EPSS 0.00832
Exploits: 0 · References: 1

OSV
added 2017/04/14 2:59 p.m. · 2 views

CVE-2017-7455

Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 4

RedHat Linux
added 2017/03/31 9:39 a.m. · 3 views

chromium-browser: heap buffer overflow in v8

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page...

CVSS 8.8 · AI score 7.4 · EPSS 0.01436
Exploits: 0 · References: 5

RedHat Linux
added 2017/03/14 6:13 a.m. · 2 views

chromium-browser: heap overflow in skia

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

CVSS 6.8 · AI score 7.6 · EPSS 0.02404
Exploits: 0 · References: 5

RedHat Linux
added 2017/02/28 8:19 a.m. · 2 views

OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 · AI score 7.4 · EPSS 0.02166
Exploits: 0 · References: 4

OSV
added 2017/02/11 11:47 p.m. · 8 views

MGASA-2017-0045 Updated nagios packages fix security vulnerabilities

The nagios package has been patched to fix the following issues: Improper sanitization of RSS feed input enables unauthenticated remote read and write of arbitrary files (CVE-2016-9565). Unsafe logfile handling allows unprivileged users to escalate their privileges to root (CVE-2016-9566)...

CVSS 9.8 · AI score 7.5 · EPSS 0.22684
Exploits: 11 · References: 5

RedHat Linux
added 2017/02/02 8:33 p.m. · 4 views

tika: XML External Entity vulnerability

It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XX...

CVSS 7.8 · AI score 5.7 · EPSS 0.03449
Exploits: 0 · References: 4

ATTACKERKB
added 2017/01/27 10:59 p.m. · 2 views

CVE-2016-8309

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via...

CVSS 4.3 · AI score 5.3 · EPSS 0.01122
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2016/12/29 9:59 a.m. · 3 views

CVE-2016-5334

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors...

CVSS 5.3 · AI score 5.8 · EPSS 0.02133
Exploits: 0 · References: 3

OSV
added 2016/10/05 4:59 p.m. · 4 views

CVE-2016-7560

The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors...

CVSS 9.8 · AI score 5.9 · EPSS 0.02698
Exploits: 0 · References: 2