Joomla AJAX Search for K2 component version 2.2 suffers from a remote SQL injection vulnerability.
Monthly Archives: February 2017
RHSA-2017:0324-1: Important: kernel security update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced
Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-6074
RHSA-2017:0323-1: Important: kernel security update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-2634, CVE-2017-6074
Joomla Glossary 1.6 SQL Injection
Joomla Glossary component version 1.6 suffers from a remote SQL injection vulnerability.
Joomla Civicrm 1.6 SQL Injection
Joomla Civicrm component version 1.6 suffers from a remote SQL injection vulnerability.
Joomla GPS Tools 4.0.1 SQL Injection
Joomla GPS Tools component version 4.0.1 suffers from a remote SQL injection vulnerability.
memcache-viewer Cross Site Scripting
memcache-viewer suffers from a persistent cross site scripting vulnerability.
DSA-3794 munin – security update
Stevie Trujillo discovered a local file write vulnerability in munin, a
network-wide graphing framework, when CGI graphs are enabled. GET
parameters are not properly handled, allowing to inject options into
munin-cgi-graph and overwriting any file accessible by the user
running the cgi-process.
CVE-2017-2791
JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function’s result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application.
CVE-2017-2789
When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application.