Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.
CVE-2017-7643
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
CVE-2017-7457
XML External Entity via “.AOP” files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
CVE-2017-7218
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
CVE-2017-7408
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.
CVE-2017-7217
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
HP Security Bulletin HPESBGN03728 1
HP Security Bulletin HPESBGN03728 1 – Potential security vulnerabilities in OpenSSL have been addressed in HPE Operations Agent. These vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) and/or Unauthorized Access to Data. Revision 1 of this advisory.
Slackware Security Advisory – bind Updates
Slackware Security Advisory – New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.