Secunia Security Advisory - Fedora has issued an update for glibc. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges.
79782c5dc9aa662d0bb98de097a487ebc890569b811796af658269e527b750e5
Secunia Security Advisory - A vulnerability has been discovered in ProShow Producer, which can be exploited by malicious people to compromise a user's system.
1b042ea8852b553329c0086dce24539fea26aae503311276b6c4622debf04626
Secunia Security Advisory - A vulnerability has been discovered in pecio cms, which can be exploited by malicious people to conduct cross-site scripting attacks.
9325f39c3e4635aeb47f923445cb6d05eae0b13b9f6f3f449038dd2762a828fb
Secunia Security Advisory - A vulnerability has been discovered in Shockwave Player, which can be exploited by malicious people to compromise a user's system.
f33d8a0f6dbbc785ff76368bda33b35d20fca1f803ca6c80e8a19c688cf2c936
Secunia Security Advisory - J. Greil has discovered a vulnerability in Sawmill, which can be exploited by malicious people to conduct cross-site request forgery attacks.
72589a8f167c9a5a1d066d3048cf533824758b0e101dbd6104fbfcdc45431f49
Secunia Security Advisory - Red Hat has issued an update for pidgin. This fixes multiple weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).
8bb10f737aff61e9991891d172ebca0134acb04f186199d570ba23d95b51ebca
Secunia Security Advisory - Ubuntu has issued an update for libvirt and virtinst. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions.
fbfecbf82c4b4611620443dd2f937b64e222b490af9853ed8f0e3b227346994b
Mandriva Linux Security Advisory 2010-211 - The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues have also been addressed.
c4aa2dae679ba79e24b8322c372a70db3de31777d295bd7bdc83df4e576d061f
Mandriva Linux Security Advisory 2010-210 - Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Various other issues have also been addressed.
b49486071419be28e46150635739bbf1691dc4896d5fd2196ec5211581c260cf
Mandriva Linux Security Advisory 2010-209 - A buffer overflow was discovered in libsmi when a long OID was given in numerical form. This could lead to arbitrary code execution.
cf7b44c0abecb921f207fc7f27c5244f40e3f24c3167eb87026c2974168fe890
Debian Linux Security Advisory 2122-1 - Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.
857fca073644547dae968ea11ffbcdca81c4d210891ea09f1af7219cd193c2c6
HP Security Bulletin HPSBMA02593 SSRT100237 - A potential security vulnerability has been identified in HP Virtual Connect Enterprise Manager (VCEM) for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.
9b417f8a3b89f033a8c2a022a3bde58caf421466dfba6f41bc28cec6afb3874d
Microsoft Internet Explorer suffers from a cross-origin leak vulnerability.
53499dc63a1db7878a76102343c1baf73d12e3bc3f97685e9fc61b7aa875f0dd
Ubuntu Security Notice 1008-2 - Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to 'raw' when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the 'format=' option when specifying a disk. The original advisory notes that it was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.
4d8e02c3a4d091d01b98eb080d057e61ab552e957bde8a3214bbd12d6c7d4a0b
Secunia Security Advisory - Multiple vulnerabilities have been reported in iWiccle, which can be exploited by malicious people to conduct cross-site scripting attacks.
6cf84b8c6012aa71e33e8378f9ae726bb52cd6fcd47a872f3f840a34ef713f24
Secunia Security Advisory - J. Greil has discovered multiple vulnerabilities in Sawmill, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system.
cd8527aa6fa6cc0ba69ce6b7cf8d8816fb945fbd15de6d888740bc047672ec10
Secunia Security Advisory - Chris Evans has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.
f3e88a50734501ee7b2248c16d43dbf585e57e7d91c00a4802d1e6b2a54af5a7
Secunia Security Advisory - A weakness and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
de1b1fc493d72b8d749d034af4652da2a40f10c2c8de8ff0e32b3b9bc71760ab
Mandriva Linux Security Advisory 2010-208 - It has been discovered that eight denial of service conditions exist in libpurple, all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.
2dcc45f1140e070e5166be26b8d3ee85ca8334858f66c04bf67550e965a60fef
Ubuntu Security Notice 1008-1 - It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.
c064ab38868a95bbd59b13f2896302bf08bc54ede0f09b2e2a8362053a7462e5
HP Security Bulletin HPSBMA02596 SSRT100271 - A potential security vulnerability has been identified in HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.
5cb27aaadce212727e1fb1b7d6053f27b3c3f046ab99308fbdb5f12747debf67
HP Security Bulletin HPSBMA02592 SSRT100300 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows running Adobe Flash. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), and unauthorized modification. Revision 1 of this advisory.
ed7bca84d41ba120ee86c4bc10906b785b5840de9ba41f6163285c718f510e73
HP Security Bulletin HPSBMA02591 SSRT100299 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely resulting in cross site request forgery (CSRF), cross site scripting (XSS), and privilege escalation. Revision 1 of this advisory.
36b03398e5c2de3131e9eba0578be33ca589245e6201650f2a48454b9415e19a
Secunia Security Advisory - Ubuntu has issued an update for libvirt. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions.
49231cea8ff0f844387cd139d07d84bd489e5f82918c067915b266d470031d19
Secunia Security Advisory - Some vulnerabilities have been discovered in Sleipnir, which can be exploited by malicious people to compromise a user's system.
d5c99c8df4c01b1c113181135718e67f44d1ea85643da6c010d5c3e2218398c9