Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) of the application using the library.
3df54d4ab9c228f2348a011b682aa98a3ebef7a3a1a8d4c5a6abf6b27f0cca98Secunia Security Advisory - A vulnerability has been reported in RSSOwl, which can be exploited by malicious people to conduct script insertion attacks.
992e85a248c2293e75f89318e50500beed8e0b9fcb1b6abd091e2467009369ebSecunia Security Advisory - Walied Assar has discovered two vulnerabilities in ResEdit, which can be exploited by malicious people to potentially compromise a user's system.
3b3949a10be20b754836c1b9797ee5defc961186fbea1ba0e79660f407dcf5c7Secunia Security Advisory - A vulnerability has been reported in Logitec LAN-W300N/R, LAN-W300N/RS, and LAN-W300N/RU2, which can be exploited by malicious people to bypass certain security restrictions.
f9d56eee8b724d15b8c7efac14f151b0179305f5089c72f08e59bb9a31cc91f5Ubuntu Security Notice 1454-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.
f28320f5538e98298ed28cf4be19ea1c9e1808d3f2e263ff05dd1b27f77c788dUbuntu Security Notice 1453-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
0ce91b7b629cfee8a757c0aaf95f5ab728dc7c0c8392a5ba774db361dc1f15e3Ubuntu Security Notice 1452-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
1743e5e0d5cc2c51eea82b08fd5a2379a2483478b76cb54de2e7c2aec5d7e59fUbuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
c2d728621ad0692803f2775f1741405360b7d473c41ea474fa8427075d3d957aSecunia Security Advisory - Astaro has issued an update for IPsec. This fixes a vulnerability with an unknown impact.
c2d0a69e4b51e595af1b3bad527d9683450cdb2471261fe7ab64b6f3a1b844d8Secunia Security Advisory - A weakness has been reported in PyCrypto, which can be exploited by malicious people to conduct brute force attacks.
5f2d792f0678900743f9df4aa9e9530a0e4003f8e23b1989f7e10265d0d39e33Secunia Security Advisory - A vulnerability has been reported in dotCMS, which can be exploited by malicious users to compromise a vulnerable system.
25eae5750d2834fb8e3079d5d6af05076a0ec2412dd6392f27ce72e2dd790185Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
e124c0d562158eaaac866756fd5c64449c84ace9ff0384849a08d12c68d65cdcSecunia Security Advisory - Multiple vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
44ce1f3c1fe56a9a2c5cbae8339e227a89bd710bc0e79daeb8adf7af74ff21faSecunia Security Advisory - A vulnerability has been reported in Apache Commons Compress, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
e1758af41f3ed887f3c0c4afbd3927d225129ce4148fbbb73309128a76056389Secunia Security Advisory - Apache has acknowledged a vulnerability in Ant, which can be exploited by malicious people to cause a DoS (Denial of Service).
aec6213039755eb3445fa4ddca1d4af1ee1154545ed2970322958184ea5ba2f8Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to compromise a user's system.
2d6a808c3d9d5cd84a8a28db0274894cf44f7279351616685fd52fea7c935283Secunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
9b2b777076f0077659ec329d9c211e8f33c419c5815f5bc8b059ee6bee3fb43cDebian Linux Security Advisory 2480-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
4d0921714e92a3caf9ffbb786ca18511edabedc064e7f7072f96aa34077367e0Apache Commons Compress versions 1.0 through 1.4 and Apache Ant versions 1.5 through 1.8.3 suffer from a denial of service vulnerability. The bzip2 compressing streams in Apache Commons Compress and Apache Ant internally use sorting algorithms with unacceptable worst-case performance on very repetitive inputs. A specially crafted input to Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used to make the process spend a very long time while using up all available processing time effectively leading to a denial of service.
764b4680811098ad5654daa7aacc0274f9de6ab81bef5b8286b792367f7e802cEMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.
1d0445ba9e2d754fa11ecd05aaf43d0b4ef3dc02e0430db42104435fd5421234Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33Mandriva Linux Security Advisory 2012-080 - It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
10a172fbdd9a1956fcadc521595975f06bf508f0c5f7cc83e8e96be95744ada7Red Hat Security Advisory 2012-0688-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.19.
5d3d94c580242304ad1db49f92b8d1b2db7dde614f6355c09efaba9df53cd86dDebian Linux Security Advisory 2479-1 - Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code.
5e62d60e907638254c3219bad9aae0a157a50cc91b3cbaa54606ea417f886ce3Debian Linux Security Advisory 2478-1 - It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.
fa49469a07a4c2e333f036a694c17b0a83d1f089b43d38e1c25cb2dfb19e3c66
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed