Ubuntu Security Notice 1400-2 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.
5b55ea6fffee26c72843021b56e71cfb46a31c56e38ee3b9f75b058db2e502a3Ubuntu Security Notice 1400-1 - Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
6ec8a17ac5494f22879ac72d2367bc10e24938596bb360d6ddb0c7b09b2668c5Gentoo Linux Security Advisory 201203-18 - An insecure temporary file usage has been reported in Minitube, possibly allowing symlink attacks. Versions less than 1.6 are affected.
4aa557eb42c10556e6493ca6c243fafa89d234f04fc2a916923cd9222c767625Gentoo Linux Security Advisory 201203-17 - Multiple vulnerabilities have been found in HPLIP, the worst of which may allow execution of arbitrary code. Versions less than 3.11.10 are affected.
1cf360d6a926fd492c93a38d373ac1bdd8f3f1a39245024188f17cc21707bb28Gentoo Linux Security Advisory 201203-16 - Multiple vulnerabilities in ModPlug could result in execution of arbitrary code or Denial of Service. Versions less than 0.8.8.4 are affected.
76a2a3df8bd33cb70e3c22cb995f3166fc734691230e522011e0cc99e5b85f83Gentoo Linux Security Advisory 201203-15 - Multiple vulnerabilities have been found in gif2png, the worst of which might allow execution of arbitrary code. Versions less than 2.5.8 are affected.
8a397fa1e661394cba4da8da2652a15bef30a769ec2508d443be785b80861d88Gentoo Linux Security Advisory 201203-14 - Multiple vulnerabilities in Audacious Plugins could result in execution of arbitrary code or Denial of Service. Versions below 3.1 are affected.
f6076cf29eba79c3ee0f14372a4e07c2f8ffddd7174f4c76e8c208325347c26cGentoo Linux Security Advisory 201203-13 - Multiple vulnerabilities in Openswan may create a Denial of Service condition. Versions less than 2.6.37 are affected.
f5a0e55e7b9a8299853a525870453ba514b748a569cfbe010a5cf5277cc73d46Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
958dd09c9da9ceb50c9e556b3ced9cbdf40e836d2bdc98286ce96e84fd4a5a53Secunia Security Advisory - A vulnerability has been reported in VMware vSphere Client, which can be exploited by malicious people to conduct script insertion attacks.
8fde9aae78f4db2bd953968207ca57aad66dedc8f634fb335f02e77150d7889dSecunia Security Advisory - SUSE has issued an update for chromium. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
e7f26e2c4b5f57c4debfd08dcdb382198b66c87bc3377ff075df52f311a51c54Secunia Security Advisory - Multiple vulnerabilities have been reported in Quagga, where some have unknown impacts and others can be exploited by malicious people to cause a DoS (Denial of Service).
54b6cd76dfec7bbc165c322cd0e9908876ff2d1a463fdf26eaff5a1d64a06b6eSecunia Security Advisory - Multiple vulnerabilities have been reported in VMware ESX Server and VMware ESXi, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
deae48d7235bbce9a5f7b5684aac71570271bff60c69fa08217d2ac948299c1eSecunia Security Advisory - Gentoo has issued an update for hplip. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to manipulate certain data and by malicious people to compromise a vulnerable system.
82fdd57d57fbc66e6a64283bfce07a593fd4672455fc54cae4b6881c3821564aSecunia Security Advisory - VMware has acknowledged multiple vulnerabilities in multiple VMware products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
e3b7401e2187aa3ffcc80d33d6d61edf911b2548ab7b2f9cc4558f58d913827aSecunia Security Advisory - Gentoo has issued an update for gif2png. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
f2825b34ff724334bd12e780e6382105a46083698de91b742c679cce483f9b8cSecunia Security Advisory - Gentoo has issued an update for minitube. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1f12a8a30a7f0af1b1ddc98f4ade69ae19759db16ce694fe32baa436b5abbc0eSecunia Security Advisory - Gentoo has issued an update for audacious-plugins. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.
c6d765f7a238ec6c731f85c42b64fff31e9b28c7927f80f5fc41c9c8ee71cdf4lshell lets you restrict a user's shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restrictions, and more.
722aef41b53db2df3a5846004d0fc7f7782457a51f15e043cc0000d6f9268148Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.
e2f289b1d1ccc150638cf55526ad03a0ade669586f6824d9491acd1c5b1f3e05Asterisk Project Security Advisory - Asterisk suffers from an exploitable stack buffer overflow with locally defined data.
afe6cdb34e7dea854787ea6f21b9eaf0bb2776d9c897bab9bde9b63eb1091487Citrix License Server version 11.6.1 build 10007 suffers from cross site request forgery and denial of service vulnerabilities.
2b9104ba28bdb97b62d26b0a430b574efb2a5eae5fd46f35c16cc5d5c118453bMobile.free.fr suffers from a cross site scripting vulnerability.
1a2e1e41411e6703b28efd0074d8c126869cc9ebdb5b254b431e0adc670bd84eJPM Article Script 6 suffers from a remote SQL injection vulnerability.
145578d740ba90ce511926a99cf32acad7fcd157e63d4077a17c2b07e93a7438Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of channels are disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.
10864a15ca77b98406254b2f35007bb2b449eabd2c3ebff0d116a3416159f77e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed