Debian LTS: Security Advisory for libdatetime-timezone-perl (DLA-857-1)
This update includes the changes in tzdata 2017a for the Perl bindings. For the list of changes, see DLA-856-1. This VT has been deprecated as it doesn...
Design/Logic Flaw
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon...
CVE-2017-17713
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the...
CVE-2017-16651
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...
Debian DLA-1156-1 : libdatetime-timezone-perl new upstream version
This update includes the changes in tzdata 2017c for the Perl bindings. For the list of changes, see DLA-1156-1. For Debian 7 'Wheezy', these problems have been fixed in version 1:1.58-1+2017c. We recommend that you upgrade your libdatetime-timezone-perl packages. NOTE: Tenable Network Security...
Debian DLA-1155-1 : tzdata new upstream version
This update includes the changes in tzdata 2017b. Notable changes are:
- Northern Cyprus resumed EU rules starting 2017-10-29.
- Namibia will switch from +01 with DST to +02 all year, affecting UT offsets starting 2018-04-01.
- Sudan will switch from +03 to +02 on 2017-11-01.
- Tonga will not...
[SECURITY] [DLA 1156-1] libdatetime-timezone-perl new upstream version
Package : libdatetime-timezone-perl Version : 1:1.58-1+2017c This update includes the changes in tzdata 2017c for the Perl bindings. For the list of changes, see DLA-1156-1. For Debian 7 "Wheezy", these problems have been fixed in version 1:1.58-1+2017c. We recommend that you upgrade your...
OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)
Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 60.0.3112.80 (Platform version: 9592.71.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days. Some highlights of these changes are:...
SUSE-SU-2017:1783-1 Security update for postgresql94
This update for postgresql93 fixes the following issues:
- bsc1029547: Fix tests with timezone 2017a
- CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. bsc1037624
- CVE-2017-7485: Recognize PGREQUIRESSL variable again. bsc1038293...
The vulnerability of the software interface of the TimeZone component in the Android operating system allows a hacker to modify general resources.
The vulnerability of the TimeZone component’s software interface in the Android operating system arises from synchronization errors when using a common resource. Exploiting this vulnerability allows a remote attacker to modify the common resource...
Trend Micro Threat Discovery Appliance Arbitrary Code Execution Vulnerability
The Trend Micro Threat Discovery Appliance (TDA) is a threat discovery appliance with integrated cloud security technology from Trend Micro. The appliance provides detection of malicious activity at the network layer, threat management services, and threat analysis and reporting. A security...
CVE-2017-7476
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c...
Code injection
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...
CVE-2016-8585
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...
DEBIAN-CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within a sudo session, as demonstrated by interfering with terminal output,...
Trend Micro Threat Discovery Appliance Command Execution Vulnerability
The Trend Micro Threat Discovery Appliance is the next generation network monitoring appliance. A security vulnerability exists in the way the Trend Micro Threat Discovery Appliance admin_sys_time.cgi interface handles the timezone parameter. A remote attacker can exploit the vulnerability to submit a special...