Ubuntu Security Notice 1177-1 - Andrew Griffiths discovered that QEMU did not correctly drop privileges when using the 'runas' argument. Under certain circumstances a local attacker could exploit this to escalate privileges.
2db2352dca97c03e93a4de8cf6727155b5bccf0dc86d6436fc53e270444efcdd
Zero Day Initiative Advisory 11-241 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NamedNodeMap::setAttributes method defined within the NamedNodeMap.cpp file distributed with WebKit. The code responsible for copying attributes between DOM nodes does not verify that a mutation may have occurred when an attribute's attributeChanged method is called. By crafting a page that deletes instances of that attribute when the above-mentioned method is called, the code within setAttributes can be made to operate on freed objects. An attacker can take advantage of this by spraying the heap in a way that will not result in null pointers being referenced. This can lead to arbitrary code execution under the context of the user running the browser.
0748db6d4ee6bfe2651ddbd36ffb116881c9658edb8f896d05ac0dd5e8b67fdb
Zero Day Initiative Advisory 11-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating its reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application.
9955e1a0118de7587b35cc2341eb06299e4d3ea9f28954c95c79d4b5a540588d
Zero Day Initiative Advisory 11-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. By freeing the referenced element, a use-after-free condition can be made to occur, which can lead to code execution under the context of the application.
9a566a7f048a2f671ae362db0c36d2bb1dc429098ed33eb23dac590c45aba40a
Red Hat Security Advisory 2011-1100-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files.
1aa0fc44e9203cd83f9e35c5f4c37ec5b68f33d5745644ea51197952cea44e7d
Mandriva Linux Security Advisory 2011-121 - All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT. All current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool (SWAT). On the Change Password field, it is possible to insert arbitrary content into the user field.
b75ce3ace75fea8d22a279188ef3184449337cf90f4fe3d331c11300c3a6a118
Mandriva Linux Security Advisory 2011-120 - Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
c6327c04cc1f8a878340ba858f3e80a09236c75996f3bfb90d9d1f2b2d6c3bef
Red Hat Security Advisory 2011-1090-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found that allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could trigger this flaw by sending specially crafted packets to a target system, possibly causing a denial of service.
423b948c96708d1e061b86fbda73740a65a22df850c2554883aadb161b574ff5
Secunia Security Advisory - Fedora has issued an update for oprofile. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1d7579d43a3490a65046f7913ec3b31995a7f50f355cdbebb461d3952f8f170f
Secunia Security Advisory - A security issue has been reported in GLPI, which can be exploited by malicious users to disclose potentially sensitive information.
e49f48a6868ff46c9366d4d8ac553e8ce01f6bf543d47c9085f4c38c302525ac
Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and to potentially gain escalated privileges and by malicious, local users in a guest virtual machine and by malicious people to cause a DoS (Denial of Service).
3ed48a9e8b08d7472bb628078372c541b60ca2a9bae503aefff36a6665fbf283
Secunia Security Advisory - Ubuntu has issued an update for libsndfile. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
8cbb81bf45d122007e2cf6f5a6b7f68e32e4cf5780b76463aa7b3e054aac6f14
Secunia Security Advisory - Ubuntu has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
68b7c98c9ad580fd045add831c990484d4a69246a21e77c2f7dae1cad5978743
Secunia Security Advisory - Fedora has issued an update for xmms. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
345591565baa757c2f4eee094fc2b69628e20bcddb9d8038bf20da0022e6f496
Secunia Security Advisory - A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
b125f68e25b4f6855c48eebac5b66d7971a9fa689070dfbd8e569ce4ebe1b652
Secunia Security Advisory - High-Tech Bridge SA has discovered a weakness in Free PHP message board, which can be exploited by malicious people to conduct spoofing attacks.
23525b72ad83fd356074562dc16c43154f4e36176905454d3dd05a90ec0c3a91
Secunia Security Advisory - Ubuntu has issued an update for dbus. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
bd54aaafead02e89f530e72222228a7f41294b9447fd6a514a47471506fb6665
Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
f0f8f7439c30cb02b15cbb63aef828ac31444739d0d6f0539165e2a8424a42a0
Secunia Security Advisory - A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks.
f3699f2b3b97d3228540022c4254315def210e17aab329fa69fdf5a28d52a0b3
Secunia Security Advisory - Red Hat has issued an update for systemtap. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
4fdcbfeeb062cd4a2d71f8c1ccd48b8e28f9d377a72648d7a6dd732c97239006
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), conduct session hijacking attacks, bypass certain security restrictions, and potentially gain escalated privileges, and by malicious people with physical access to potentially compromise a vulnerable system.
06ff534301562c096822c44fec6a3023e1ff2a5f06ae934cfcdff6b472229614
Secunia Security Advisory - A vulnerability has been reported in the Virtual Money component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
81fa7ebb5bf429f491c4d71e596e0f326866aab87244331c6ef0018de0b4aad5
Secunia Security Advisory - Debian has issued an update for mapserver. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and potentially compromise a vulnerable system.
b7ad58620638eea10895bcb88afdd4b27beaa27c5b977fad385ff89e2c50f053
Secunia Security Advisory - Yuri Goltsev has reported multiple vulnerabilities in Koha, which can be exploited by malicious people to conduct cross-site scripting attacks.
b7a1e3f7f78d5a4f3c0761684ab78379226323bed68b75d0c16a0d1152569f44
Secunia Security Advisory - SUSE has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
c01c4bfa924d1a6e5e6e3be9d7fc750225ad4953f573e74a45500402edeccd5b