Secunia Security Advisory - Two vulnerabilities have been reported in Kadu, which can be exploited by malicious users to conduct script insertion attacks.
d92c6744eed200546967709331fe8b9c94e472394a42614d21f978cc9cf7f1d1Secunia Security Advisory - A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
22a2996b0f03a042ccfee4a17c73aebd9d6ac672c26763d9e93c4b530254c6e8Mandriva Linux Security Advisory 2012-023 - A vulnerability has been found and corrected in libvpx. VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks. The updated packages have been patched to correct this issue. This is a symbolic advisory correction because there was a clash with MDVSA-2012:023 that addressed libxml2.
5760ddad7ab7f5d50d45e9d6d2b01846dcf94ede1f8a9d2ef97fe65d6bc27c3fMandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions which is not affected by this security flaw. Additionally the rootcerts packages has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
6c745d9d52173219392680d02b0a80f2ccd95e95f7941c4746e37f33fda62cebMandriva Linux Security Advisory 2012-025 - Heap-based buffer overflow in process.c in smbd in Samba allows remote attackers to cause a denial of service or possibly execute arbitrary code via a Batched request that triggers infinite recursion. The updated packages have been patched to correct this issue.
af6946ff7346145357d5f9633e3b4cabee3c482c6018138fa764fa1f07c698c8Mandriva Linux Security Advisory 2012-024 - Ruby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. The updated packages have been patched to correct this issue.
44b5393632217703390da470f7fefc75b8bdaafb0b6e2a9d36de950d30ad3bcdUbuntu Security Notice 1377-1 - Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
cec298eba7976ebaa181ffd4c17d9f86fd8b7f0120e64642a7761c57933776cdUbuntu Security Notice 1375-1 - The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.
a63a7a4c0796d2e294993168bb60e26b7a9fa704397e1fe1bdc13730e913f609Gentoo Linux Security Advisory 201202-7 - Multiple vulnerabilities were found in libvirt, the worst of which might allow guest OS users to read arbitrary files on the host OS. Versions less than 0.9.3-r1 are affected.
174a3477cdb83676abe9282ccb2195b63c18c5ee3d51f67ae0d74c3aeffc9587Ubuntu Security Notice 1376-1 - Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause a denial of service.
073bc618e97ea21ba50aa4f143095cd3ce54bb7398fe488d63f3e1eda1db3105Debian Linux Security Advisory 2419-1 - Two vulnerabilities were discovered in Puppet, a centralized configuration management tool.
11d35b7f35e7ba4a7e843737818ea54afa99b8b4146c843dba48c5f54f55e6d0Debian Linux Security Advisory 2418-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
11a657217072f0210bb50b55f2208a3bed8d0b8e9a9900e5683fd14a41024efbDebian Linux Security Advisory 2414-2 - It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.
163b9eaa211f872e647739bda275ef73dadabe562d1e45464ced23724f4d2944Samba versions up to 3.4.0 suffer from a code execution vulnerability.
3c60f7d6b21aa91e993400833006fa77981a0d39cf04dc6c46f58d279e888523Secunia Security Advisory - Multiple vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing attacks and manipulate certain data.
f1c6263732b5de30508743e82ca94acf9b9d98e97f318b6123bf9d0464503d7aSecunia Security Advisory - A vulnerability has been reported in phpFox, which can be exploited by malicious users to conduct script insertion attacks.
7a789a02ee9d09133fc5766f4ce002865e30894892ab5bc2b17c94e347948c6bSecunia Security Advisory - SUSE has issued an update for mozilla-xulrunner192. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
6880570d93e682f451d8bf9fc16a4a34d12d23c5175588d2050b326e279ea916Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
38896cfb1c2f20abd0b14d34c92ce435265aea52e6c3e1f5d74ec0474587035cSecunia Security Advisory - A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
5f553ca4a8ae3dc82b64b7c5c4dfb4cb935904742e77de7192e078c86fb44541Secunia Security Advisory - A vulnerability has been discovered in MyJobList, which can be exploited by malicious people to conduct SQL injection attacks.
532263db06a4193d67c3b4d4a2936236bf5fe118c4abe5e60d8be05ba902d2daSecunia Security Advisory - Ubuntu has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
4ded97d0d600e7ec22896061487da2ecb46180bd1473f643372ea039c8cae37aSecunia Security Advisory - Danny Fullerton has reported a vulnerability in Dropbear SSH Server, which can be exploited by malicious users to gain escalated privileges.
475e24c29964075692e761a8861ce2274f22eb05fcee72a09cefce860554a545Secunia Security Advisory - A security issue has been reported in Cookpad for Android and Cookpad Noseru for Android, which can be exploited by malicious people to bypass certain security restrictions.
b408152a697d21f00fcd4ca0d2c7b38824e21a6f52c9b1be1855f22ef584e48dSecunia Security Advisory - Ivano Binetti has discovered a vulnerability in Contao, which can be exploited by malicious people to conduct cross-site request forgery attacks.
cff0a377b5f88b3ca2b7ad442cfafbe0ee0e2a82e81b241e8ab7f04fcfa0377cSecunia Security Advisory - A vulnerability has been reported in idev-BusinessDirectory, which can be exploited by malicious people to conduct cross-site scripting attacks.
4d351eb2e44cb662a61be2a1636492628e47083cb9e0e7d6e92cfa120dc76f86
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed