collectd CVE-2017-7401 Multiple Denial of Service Vulnerabilities
Category Archives: Security
Security
Vuln: IBM Business Process Manager CVE-2017-1140 Cross Site Scripting Vulnerability
IBM Business Process Manager CVE-2017-1140 Cross Site Scripting Vulnerability
DSA-3826 tryton-server – security update
It was discovered that the original patch to address CVE-2016-1242 did
not cover all cases, which may result in information disclosure of file
contents.
CVE-2017-7234
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the “django.views.static.serve()“ view could redirect to any other domain, aka an open redirect vulnerability. (CVSS:5.8) (Last Update:2017-04-11)
CVE-2017-7233
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an “on success” URL. The security check for these redirects (namely “django.utils.http.is_safe_url()“) considered some numeric URLs “safe” when they shouldn’t be, aka an open redirect vulnerability. Also, if a developer relies on “is_safe_url()“ to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. (CVSS:5.8) (Last Update:2017-04-11)
Red Hat Security Advisory 2017-0868-01
Red Hat Security Advisory 2017-0868-01 – Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. Multiple security issues have been addressed.
Ubuntu Security Notice USN-3253-1
Ubuntu Security Notice 3253-1 – It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that Nagios incorrectly handled certain long messages to cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to crash, resulting in a denial of service. Various other issues were also addressed.
CVE-2017-7410
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
Security Analyst Summit 2017 Day One Recap
Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT.
CVE-2017-5684
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.