A remote code execution vulnerability has been reported in IBM WebSphere. The vulnerability is due to an untrusted deserialization of data when the WASPostParam cookie is present in the request. A remote, authenticated attacker can exploit this vulnerability by sending a request containing a malicious WASPostParam value to the target server.
Monthly Archives: November 2016
'Web Of Trust' Browser Add-On Caught Selling Users' Data — Uninstall It Now
Browser extensions have become a standard part of the most popular browsers and an essential part of how we surf the Internet.
But not all extensions can be trusted.
One such innocent-looking browser add-on has been caught collecting the browsing history of millions of users and selling it to third parties for profit.
An investigation by German television channel
mingw-gnutls-3.3.24-2.el7 mingw-nettle-3.3-1.el7
Multiple security fixes.
Piwik 2.16.0 PHP Object Injection
Piwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.
Red Hat Security Advisory 2016-2670-01
Red Hat Security Advisory 2016-2670-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using ‘address_space_translate’ to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
Red Hat Security Advisory 2016-2671-01
Red Hat Security Advisory 2016-2671-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. The following packages have been upgraded to a newer upstream version: qemu-kvm-rhev. Security Fix: An out-of-bounds flaw was found in the QEMU emulator built using ‘address_space_translate’ to map an address to a MemoryRegionSection. The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error. A privileged user inside a guest could use this flaw to crash the guest instance.
Red Hat Security Advisory 2016-2672-01
Red Hat Security Advisory 2016-2672-01 – Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 54.0.2840.90. Security Fix: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
DBShield 1.0.0 Beta 4
DBShield version 1.0.0 Beta 4 is a database firewall that protects the system by inspecting incoming queries from your application server and rejecting abnormal ones.
DSA-3709 libxslt – security update
Nick Wellnhofer discovered that the xsltFormatNumberConversion function
in libxslt, an XSLT processing runtime library, does not properly check
for a zero byte terminating the pattern string. This flaw can be
exploited to leak a couple of bytes after the buffer that holds the
pattern string.
Vuln: Multiple Pivotal Products CVE-2016-6657 Unspecified Open Redirection Vulnerability