
Files

Secunia Security Advisory 41971
Posted Oct 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for glibc. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, fedora
SHA-256 | 79782c5dc9aa662d0bb98de097a487ebc890569b811796af658269e527b750e5
Secunia Security Advisory 41990
Posted Oct 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ProShow Producer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 1b042ea8852b553329c0086dce24539fea26aae503311276b6c4622debf04626
Secunia Security Advisory 41934
Posted Oct 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in pecio cms, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 9325f39c3e4635aeb47f923445cb6d05eae0b13b9f6f3f449038dd2762a828fb
Secunia Security Advisory 41932
Posted Oct 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Shockwave Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | f33d8a0f6dbbc785ff76368bda33b35d20fca1f803ca6c80e8a19c688cf2c936
Secunia Security Advisory 41948
Posted Oct 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - J. Greil has discovered a vulnerability in Sawmill, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 72589a8f167c9a5a1d066d3048cf533824758b0e101dbd6104fbfcdc45431f49
Secunia Security Advisory 41899
Posted Oct 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for pidgin. This fixes multiple weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 8bb10f737aff61e9991891d172ebca0134acb04f186199d570ba23d95b51ebca
Secunia Security Advisory 41942
Posted Oct 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libvirt and virtinst. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions.

tags | advisory, local, vulnerability
systems | linux, ubuntu
SHA-256 | fbfecbf82c4b4611620443dd2f937b64e222b490af9853ed8f0e3b227346994b
Mandriva Linux Security Advisory 2010-211
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-211 - The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
SHA-256 | c4aa2dae679ba79e24b8322c372a70db3de31777d295bd7bdc83df4e576d061f
Mandriva Linux Security Advisory 2010-210
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-210 - Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Various other issues have also been addressed.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2010-3170, CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
SHA-256 | b49486071419be28e46150635739bbf1691dc4896d5fd2196ec5211581c260cf
Mandriva Linux Security Advisory 2010-209
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-209 - A buffer overflow was discovered in libsmi when a long OID was given in numerical form. This could lead to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2010-2891
SHA-256 | cf7b44c0abecb921f207fc7f27c5244f40e3f24c3167eb87026c2974168fe890
Debian Linux Security Advisory 2122-1
Posted Oct 22, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2122-1 - Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 857fca073644547dae968ea11ffbcdca81c4d210891ea09f1af7219cd193c2c6
HP Security Bulletin HPSBMA02593 SSRT100237
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02593 SSRT100237 - A potential security vulnerability has been identified in HP Virtual Connect Enterprise Manager (VCEM) for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-3986
SHA-256 | 9b417f8a3b89f033a8c2a022a3bde58caf421466dfba6f41bc28cec6afb3874d
Internet Explorer Cross-Origin Leak
Posted Oct 22, 2010
Authored by Chris Evans

Microsoft Internet Explorer suffers from a cross-origin leak vulnerability.

tags | advisory
SHA-256 | 53499dc63a1db7878a76102343c1baf73d12e3bc3f97685e9fc61b7aa875f0dd
Ubuntu Security Notice 1008-2
Posted Oct 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1008-2 - Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to 'raw' when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the 'format=' option when specifying a disk. Original advisory notes that it was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.

tags | advisory, arbitrary
systems | linux, ubuntu
SHA-256 | 4d8e02c3a4d091d01b98eb080d057e61ab552e957bde8a3214bbd12d6c7d4a0b
Secunia Security Advisory 41936
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in iWiccle, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 6cf84b8c6012aa71e33e8378f9ae726bb52cd6fcd47a872f3f840a34ef713f24
Secunia Security Advisory 41931
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - J. Greil has discovered multiple vulnerabilities in Sawmill, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, vulnerability, xss
SHA-256 | cd8527aa6fa6cc0ba69ce6b7cf8d8816fb945fbd15de6d888740bc047672ec10
Secunia Security Advisory 41944
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Chris Evans has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | f3e88a50734501ee7b2248c16d43dbf585e57e7d91c00a4802d1e6b2a54af5a7
Secunia Security Advisory 41894
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.

tags | advisory, denial of service, local, vulnerability, xss
SHA-256 | de1b1fc493d72b8d749d034af4652da2a40f10c2c8de8ff0e32b3b9bc71760ab
Mandriva Linux Security Advisory 2010-208
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-208 - It has been discovered that eight denial of service conditions exist in libpurple, all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2010-3711
SHA-256 | 2dcc45f1140e070e5166be26b8d3ee85ca8334858f66c04bf67550e965a60fef
Ubuntu Security Notice 1008-1
Posted Oct 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1008-1 - It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242
SHA-256 | c064ab38868a95bbd59b13f2896302bf08bc54ede0f09b2e2a8362053a7462e5
HP Security Bulletin HPSBMA02596 SSRT100271
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02596 SSRT100271 - A potential security vulnerability has been identified in HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2010-3291
SHA-256 | 5cb27aaadce212727e1fb1b7d6053f27b3c3f046ab99308fbdb5f12747debf67
HP Security Bulletin HPSBMA02592 SSRT100300
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02592 SSRT100300 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows running Adobe Flash. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), and unauthorized modification. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, hpux
advisories | CVE-2010-0209
SHA-256 | ed7bca84d41ba120ee86c4bc10906b785b5840de9ba41f6163285c718f510e73
HP Security Bulletin HPSBMA02591 SSRT100299
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02591 SSRT100299 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely resulting in cross site request forgery (CSRF), cross site scripting (XSS), and privilege escalation. Revision 1 of this advisory.

tags | advisory, vulnerability, xss, csrf
systems | linux, windows, hpux
advisories | CVE-2010-3288, CVE-2010-3289, CVE-2010-3290
SHA-256 | 36b03398e5c2de3131e9eba0578be33ca589245e6201650f2a48454b9415e19a
Secunia Security Advisory 41943
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libvirt. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions.

tags | advisory, local, vulnerability
systems | linux, ubuntu
SHA-256 | 49231cea8ff0f844387cd139d07d84bd489e5f82918c067915b266d470031d19
Secunia Security Advisory 41946
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in Sleipnir, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | d5c99c8df4c01b1c113181135718e67f44d1ea85643da6c010d5c3e2218398c9
© 2022 Packet Storm. All rights reserved.