Secunia Security Advisory - SUSE has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to manipulate certain data, conduct cross-site scripting attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
eafa8c07bca9a89ff6f99eb4d76d068396c7d2aafb3663cc08847b81864c4330Secunia Security Advisory - SUSE has issued an update for perl-libwww-perl. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
a18fc3c6ba7c0bc626ed434dc2167cba8762ee17eebad7ea7c77a430e9066dc3Secunia Security Advisory - SUSE has issued an update for ruby. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, cause a DoS (Denial of Service), and to potentially compromise a vulnerable system.
371b1d0816e770a73c46cbc62beb8a5c7ddd110b5884bbc631391725c5e0f293Secunia Security Advisory - A vulnerability has been reported in Post Revolution, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b895c063db39563007d30014d3a2ec3f0728f854e8027c38b8388ecd63ab48e4Secunia Security Advisory - A security issue has been reported in Zope, which can be exploited by malicious users to manipulate certain data and cause a DoS (Denial of Service).
8c0f0f9a295800c05bdf3c868baee282968f1f8156cbc420c3f242935911933bFreeBSD Security Advisory - Very large RRSIG RRsets included in a negative response can trigger an assertion failure that will crash named(8) due to an off-by-one error in a buffer size check.
830b4abf997e208ee19a29014f1bce9fcf3eacab0dd0921152c8321eb8c768ceCallisto 821+ ADSL modems suffer from predictable resource location and brute force vulnerabilities.
822d5a0c54180ec61e1ca3a6846235d8c78dc0026a6c0c9d4a4dfc30a5a61dcdUbuntu Security Notice 1140-1 - Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. This issue only affected Ubuntu 8.04 LTS. It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service.
1475b1ea584745e75607c08eb5e889073214913e719c51acce41d09dc235d52bUbuntu Security Notice 1139-1 - It was discovered that Bind incorrectly handled certain bad signatures if multiple trust anchors existed for a single zone. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 10.04 LTS. Frank Kloeker and Michael Sinatra discovered that Bind incorrectly handled certain very large RRSIG RRsets included in negative responses. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.
82a2c36b85a888540cafda385a6411a7d5d9aa9aa7f327427e24d3e0ecb19e3aMandriva Linux Security Advisory 2011-103 - Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.
a9707df186667e960fb7bcccb9b44257753c19aac46b92c0e7a54f39a8f4c029Debian Linux Security Advisory 2246-1 - Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder.
ba3a5abdd8001f5ec154d30befa0306d62a84e4263dc60f203fbe254133a260fDebian Linux Security Advisory 2245-1 - Several vulnerabilities were discovered in the Chromium browser.
95d73137a834ded9030bb360069113dddf15ccd4c1c7e7324bd1bff59ee266d2Mandriva Linux Security Advisory 2011-102 - Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a. in a pathname.
e95e4028e63acc2a106410223cc65ea955c645b12d8dd36b9ac2e57235d52189Secunia Security Advisory - A vulnerability and a security issue have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to bypass certain security restrictions.
baea630fbcf85c09b4e4403fe1523e283d1461b0890b664e5b7ab50742dabb4bSecunia Security Advisory - Fedora has issued an update for systemtap. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
93b02196aa223bc626e9fccb91cfdd1af22b8cac4aee55fe5db953404af0ee61Secunia Security Advisory - Ubuntu has issued an update for dbus-glib. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security features.
28286e0752f1af2575d13dd78502de0dd65dc4223cead54188ebc464a267f715Debian Linux Security Advisory 2244-1 - It was discovered that BIND, an implementation of the DNS protocol, does not correctly process certain large RRSIG record sets in DNSSEC responses. The resulting assertion failure causes the name server process to crash, making name resolution unavailable.
1d5d9062a169179cd4ddf94fe0a3ecabc58a694c5253fb7da52827e2d41efd17Debian Linux Security Advisory 2243-1 - It was discovered that Unbound, a caching DNS resolver, ceases to provide answers for zones signed using DNSSEC after it has processed a crafted query.
e9b7b8f531d7f0bf62453a71f0ee84e29f0c50968fee5a72a1b77af5437f7843Apache Archiva versions 1.3.0 through 1.3.4 suffer from a cross site scripting vulnerability.
5efbf8901967ec7d67fef99169880a4eb9b5f7f796e2016b76d3c042d56f0674DNS BIND Security Advisory - A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash. Versions affected include 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, 9.8.0 and later.
fa50a97638e2f7e6a97d4f93201d255bcf855b0b42fd27b17eea562af70dec7fTrustwave WebDefend suffers from a static database password vulnerability. It was discovered in various DLLs and EXEs and affects WebDefend Enterprise Manager Appliance / Console software versions 5.0 and 4.0.
af8e8db72fb21529ddd405451250cf64c1245de881c6b67c33191743d4d5a7f7Ubuntu Security Notice 1138-2 - USN-1138-1 fixed a vulnerability in DBus-GLib. NetworkManager and ModemManager required rebuilding against the updated DBus-GLib to incorporate the changes. It was discovered that DBus-GLib did not properly verify the access flag of exported GObject properties under certain circumstances. A local attacker could exploit this to bypass intended access restrictions or possibly cause a denial of service.
3a419fab7b32032bd3eaa04ad96c2f47ef0907a28bc4afa4493a9cb97e3c90e9Ubuntu Security Notice 1138-1 - It was discovered that DBus-GLib did not properly verify the access flag of exported GObject properties under certain circumstances. A local attacker could exploit this to bypass intended access restrictions or possibly cause a denial of service.
c935c17e82d36e21de9f5a0ab05a59ede86e3264481de05296335a94ab380a54Ubuntu Security Notice 1137-1 - Juraj Somorovsky, Jorg Schwenk, Meiko Jensen and Xiaofeng Lou discovered that Eucalyptus did not properly validate SOAP requests. An unauthenticated remote attacker could exploit this to submit arbitrary commands to the Eucalyptus SOAP interface in the context of an authenticated user.
70f2755b4d3cbc4f775f55a6948dcb13931a0c487ececdf66ab508dac31f4c2aSecunia Security Advisory - Debian has issued an update for cyrus-imapd-2.2. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
c4fedb1fe4adb7ba572d8cf87aa0fe3f2d26fb091d8de0d0370fbdfd68776663
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed