Secunia Security Advisory - Debian has issued an update for libpng. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
eb77b42f60dc0c74a5563b13e732e62327a05bebbad96b48a3c4c14b6a715772Secunia Security Advisory - Debian has issued an update for libsndfile. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
43f363c1f34ae5cf55d66086b8d639f2aa4f54ffb0ec517df02d02b6c4a64b4cSecunia Security Advisory - Ubuntu has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
b235d8811f7ef493b03f54df19375e48cb8a4ac40313901d8a60aead018e953bSecunia Security Advisory - Red Hat has issued an update for libpng. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
4da81facea1143c87ad943ca64ee267c18ad3378034826d3c3c34065d9bc6c99Secunia Security Advisory - A vulnerability has been discovered in cFTP, which can be exploited by malicious people to bypass certain security restrictions.
5ef9479830740558f8706cb68eb4fa42740c730b685c4ff3bfaca69972b862c3Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in Sitecore CMS, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing attacks.
731fef840f3213963e162f633ea7b022fe5af69e90ca6c74559161c846ba7ddfSecunia Security Advisory - Kees Cook has reported some vulnerabilities in MiniSSDPd, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable system.
25d471b4352ea034c000ecbddcc72fde5ccc9fd48a67f8f55cdc0d40f00d220cSecunia Security Advisory - A vulnerability with an unknown impact has been reported in Hitachi JP1/IT Resource Management.
6dc7af8f00ee5a56965bea264114d8bdedc00fb36baf910daa290ced2b20a576Secunia Security Advisory - A weakness has been reported in UnixWare, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
11ee57117d9a0038bf0b1cb14c9c9e697fd0514e1954cf7fe744e0705e4715e4Zero Day Initiative Advisory 11-244 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexera Software Flexnet License Server Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the lmadmin component which listens by default on TCP port 27000 (this can vary however if the port is in use). When handling a packet type having the opcode 0x2f the process trusts a user provided value when calculating the bytes remaining in the packet. Using this tainted remaining length value the process then copies packet data into a buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the lmadmin user.
db7e59a0376e24785389a9bdd53eb17e30918197fb24d6479b7244441faff253Debian Linux Security Advisory 2288-1 - Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.
0942125455ecdca6e7d9c6ac052199e949491719d018fa17cc47170a2500f8b9Ubuntu Security Notice 1181-1 - It was discovered that libsoup did not properly validate its input when processing SoupServer requests. A remote attacker could exploit this to access files via directory traversal.
14e4949d1f5bc313734e55b50adf2646d195731a6e58ea63f28211c4574fdbcaDebian Linux Security Advisory 2287-1 - The PNG library libpng has been affected by several vulnerabilities. The most critical one is the identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image.
3e4ff8efb347ee8c838157bb520547cc9e35f8767d8e12ee5f0743289e6a2a10Red Hat Security Advisory 2011-1105-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
a15792b3f1e80ca14608f17434901abad86b00e590ca41af294df19788e35990HP Security Bulletin HPSBUX02689 SSRT100494 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
410d172768a0ba4e161eff00917672425a62136388aa62870dd61928f6ac75a7Ubuntu Security Notice 1180-1 - Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.
73488b7895c24ac8ac74d084316a22f34c14b187f20dc4e1f7217d106c0d496bHP Security Bulletin HPSBMU02669 SSRT100346 3 - A potential security vulnerability has been identified with HP Data Protector's Media Management Daemon (mmd). The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 3 of this advisory.
023f9f0287071bd93ef56a2a9b53002c263f6c32acbfbdbfd8bb60c304c8288dRed Hat Security Advisory 2011-1104-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
092507d3038dfbf480768d784c2a9a2cdafa92eeddaa12ebcd38a530810d7ef6HP Security Bulletin HPSBMU02691 SSRT100483 2 - A potential security vulnerability has been identified in HP Performance Agent and HP Operations Agent. The vulnerability can be exploited by remote unauthenticated users to delete arbitrary files. Revision 2 of this advisory.
d48b2413875cfdf36d816dcc286b9523aa1e735d9005430b43bc08b4467c992aUbuntu Security Notice 1179-1 - It was discovered that the hash processing code in libclamav improperly handled messages with certain hashes. This could allow a remote attacker to craft a document that could cause clamav to crash, resulting in a denial of service.
9ccd80cbdb629179bdb7f149238901f7768ec936dde8922f437227d26cddb7c8Red Hat Security Advisory 2011-1103-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
9dc92fb24236ca66b3fa9371b984aa55e313f796547e3aad55237ae4d87a267bHP Security Bulletin HPSBMU02693 SSRT100583 - Potential security vulnerabilities have been identified with HP Network Automation running on Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS). Revision 1 of this advisory.
20cbc43130c1c87ccf95c28570cd3fa91cfef30974544441bbec0ad97014ac6bRed Hat Security Advisory 2011-1102-01 - libsoup is an HTTP client/library implementation for GNOME. A directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially-crafted request. All users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.
2d111ef0e64d2744457f6d7bec28ca03c7a869c7b009fdbc59b288e639888134HP Security Bulletin HPSBMU02692 SSRT100581 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and session fixation attacks. Revision 2 of this advisory.
508d1559d89320405239c5eb35a45affc1c33b2a551d9a884e70aa8152c778f1Zero Day Initiative Advisory 11-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.
271b74fa85acb6b77a0e3a8b90d17138c1ec8c1c86c7849005154a58cb31c6e6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed