
9572 matches found

Fedora
added 2017/07/12 1:54 a.m. · 12 views

[SECURITY] Fedora 24 Update: libdb-5.3.28-24.fc24

The Berkeley Database (Berkeley DB) is a programmatic toolkit that provides embedded database support for both traditional and client/server applications. The Berkeley DB includes B+tree, Extended Linear Hashing, Fixed and Variable-length record access methods, transactions, locking, logging, share...

0.9 AI score
Exploits: 0

Prion
added 2017/07/10 6:29 p.m. · 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable...

3.5 CVSS · 5.1 AI score · 0.00223 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

UbuntuCve
added 2017/07/10 2:29 p.m. · 77 views

CVE-2017-11142

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c...

7.8 CVSS · 6.8 AI score · 0.15152 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2017/07/10 12:0 a.m. · 254 views

EulerOS 2.0 SP2 : ntp (EulerOS-SA-2017-1125)

According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. (CVE-2015-8139) - N...

7.8 CVSS · 6.5 AI score · 0.30064 EPSS
Exploits: 2 · References: 9

Tenable Nessus
added 2017/07/06 12:0 a.m. · 45 views

SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2017:1783-1)

This update for postgresql93 fixes the following issues : - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#103829...

7.5 CVSS · 6.8 AI score · 0.04124 EPSS
Exploits: 0 · References: 11

OSV
added 2017/07/05 2:17 p.m. · 6 views

SUSE-SU-2017:1783-1 Security update for postgresql94

This update for postgresql93 fixes the following issues: - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293)...

7.5 CVSS · 6.4 AI score · 0.04124 EPSS
Exploits: 0 · References: 8

RedHat Linux
added 2017/07/05 5:54 a.m. · 2 views

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

5.9 CVSS · 7.4 AI score · 0.01107 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2017/07/05 5:44 a.m. · 2 views

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

5.9 CVSS · 7.4 AI score · 0.01107 EPSS
Exploits: 0 · References: 5

RedhatCVE
added 2017/06/26 9:20 a.m. · 18 views

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable...

10 CVSS · 7.3 AI score · 0.00996 EPSS
Exploits: 0 · References: 2

OSV
added 2017/06/24 2:29 a.m. · 2 views

CVE-2017-9833

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any...

7.5 CVSS · 5.9 AI score · 0.84527 EPSS
Exploits: 6 · References: 2

CVE
added 2017/06/24 12:0 a.m. · 294 views

CVE-2017-9833

CVE-2017-9833 affects BOA Web Server 0.94.14rc21, enabling arbitrary file read via path traversal through the FILECAMERA parameter in /cgi-bin/wapopen. Exploitation reads files with root privileges without credentials. Affected component: BOA Web Server; root cause: improper handling of FILECAMER...

7.8 CVSS · 7.5 AI score · 0.84527 EPSS
In wild · Exploits: 6 · References: 2 · Affected Software: 1

Cvelist
added 2017/06/23 8:0 p.m. · 29 views

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable...

8.7 AI score · 0.00996 EPSS
Exploits: 0 · References: 4

Debian CVE
added 2017/06/23 8:0 p.m. · 15 views

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable...

10 CVSS · 8.8 AI score · 0.00996 EPSS
Exploits: 0

VulnCheck KEV
added 2017/06/20 12:0 a.m. · 0 views

VulnCheck KEV: CVE-1999-0192

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable...

10 CVSS · 5.9 AI score · 0.0666 EPSS
Exploits: 2 · References: 1

Positive Technologies
added 2017/06/20 12:0 a.m. · 5 views

PT-2017-4227 · Boa · Boa

Name of the Vulnerable Software and Affected Versions: Boa version 0.94.14rc21 Description: The issue is related to the /cgi-bin/wapopen script in the Boa HTTP server, which is vulnerable to path traversal attacks using the FILECAMERA variable sent via GET requests. This could allow a remote...

7.8 CVSS · 7 AI score · 0.84527 EPSS
Exploits: 6 · References: 10

OSV
added 2017/06/19 4:29 p.m. · 0 views

UBUNTU-CVE-2017-9763

The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array...

7.5 CVSS · 6.7 AI score · 0.01357 EPSS
Exploits: 0 · References: 2

OSV
added 2017/06/15 1:29 p.m. · 0 views

UBUNTU-CVE-2017-9670

An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file...

7.8 CVSS · 6.7 AI score · 0.00208 EPSS
Exploits: 0 · References: 2

CVE
added 2017/06/15 1:0 p.m. · 71 views

CVE-2017-9670

CVE-2017-9670 is a vulnerability in gnuplot where an uninitialized stack variable in load_tic_series() (set.c) of version 5.2.rc1 can cause a Denial of Service (segmentation fault) or memory corruption when a specially crafted file is opened. The connected sources corroborate the issue and its im...

7.8 CVSS · 7.9 AI score · 0.00208 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2017/06/15 1:0 p.m. · 16 views

CVE-2017-9670

An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file...

8.1 AI score · 0.00208 EPSS
Exploits: 0 · References: 1

OSV
added 2017/06/15 1:29 a.m. · 1 views

CVE-2017-8493

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka...

5.5 CVSS · 5.8 AI score · 0.00531 EPSS
Exploits: 0 · References: 3