Debian DLA-1053-1 : firefox-esr security update

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of...

CVE-2017-7675

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL...

CVE-2016-0762

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note...

CVE-2016-0762

CVE-2016-0762 affects Apache Tomcat realms across multiple branches (Tomcat 9.0.x, 8.5.x, 8.0.x, 7.0.x, 6.0.x). The root cause: Realm implementations did not process the supplied password when the username did not exist, enabling a timing attack to determine valid usernames. The default LockOutRe...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: Several security fixes in this release, including: 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 793620 High...

CVE-2017-6870

CVE-2017-6870 affects Siemens SIMATIC WinCC Sm@rtClient for Android (all versions prior to 1.0.2.2). The TLS implementation could allow an attacker in a network-position to read and modify data within a TLS session via a Man-in-the-Middle attack. Exploitation details are not provided in the docum...

EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1150)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attack...

CVE-2011-5325

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink...

CVE-2017-9861

An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the...

Authentication flaw

DISPUTED An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate...

CVE-2017-9861

An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the...

Ubuntu 16.04 LTS : OpenJDK 8 regression (USN-3366-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3366-2 advisory. USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3360-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3360-1 advisory. It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive...

Ubuntu: Security Advisory (USN-3360-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 25 Update: knot-2.4.5-1.fc25

Knot DNS is a high-performance authoritative DNS server implementation...

[SECURITY] Fedora 24 Update: knot-2.4.5-1.fc24

Knot DNS is a high-performance authoritative DNS server implementation...

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Senator Calls For Use Of DMARC To Curb Govt.-Related Phishing Scams

In a letter sent Tuesday to the Department of Homeland Security, Sen. Ron Wyden D-OR called for federal agencies to implement stricter controls on e-mail that would prevent hackers from impersonating email addresses of federal agencies. Wyden called for the use of an email protocol called...

HackerOne: Content Security Policy not applied to error pages at multiple HackerOne endpoints

HackerOne CSP "script-src" includes "unsafe-inline" bypass via % and %" ----- Summary & Description We utilize a strict Content Security Policy and a safe-by-default templating language to effectively neutralize Cross-Site Scripting XSS. We encrypt all network communications with SSL/TLS...

Samba 4.4.x < 4.4.15 / 4.5.x < 4.5.12 / 4.6.x < 4.6.6 KDC-REP Service Name Validation (Orpheus' Lyre)

The version of Samba running on the remote host is 4.4.x prior to 4.4.15, 4.5.x prior to 4.5.12, or 4.6.x prior to 4.6.6. It is, therefore, affected by a logic flaw in the Heimdal implementation of Kerberos, specifically within the krb5extractticket function within lib/krb5/ticket.c, due to the...