
Files

Secunia Security Advisory 49223
Posted May 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Codseq has discovered multiple vulnerabilities in Adiscon LogAnalyzer, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | b53f4c7909bd71be210b970d4fd281b79f3a83074200830f5fdf510e1b6caa91
Secunia Security Advisory 49268
Posted May 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mobile Defense has reported two vulnerabilities in Xelex MobileTrack, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | 70b95c6084e82a475fc90fde491c505560822bb08a6d42e14df416ed50781d17
Secunia Security Advisory 49256
Posted May 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for feedparser. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | 2294e2a2b6575b413af31903acbc1e3a1131c9fb955a7da254040cc2d9af7c61
Ubuntu Security Notice USN-1449-1
Posted May 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1449-1 - It was discovered that feedparser did not properly sanitize ENTITY declarations in encoded fields. A remote attacker could exploit this to cause a denial of service via memory exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2921
SHA-256 | 6a3a1b00e46dc08727ec76015083bbe2e5e84e541d19baf4809755132656980b
Secunia Security Advisory 49184
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | 84ad631eaad8e93aa01ed016f4bf8ebc1339698b604f9179ccbc79daa2ff13a4
Secunia Security Advisory 49273
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for postgresql and postgresql84. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing attacks and manipulate certain data.

tags | advisory, spoof, vulnerability
systems | linux, redhat
SHA-256 | 7058494f56898b57ca07ab66e400d0b65013338fc9b181ff46100fe8883c47e6
Secunia Security Advisory 49272
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for postgresql. This fixes two vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to manipulate certain data.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 4f8f0b568be7999936c2a92aca35054d5886d5b32b080621a58ca6219d011a3c
Secunia Security Advisory 49270
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Web Server. This fixes multiple weaknesses, two security issues, and multiple vulnerabilities, which can be exploited by malicious, local users and malicious people to disclose sensitive information, bypass certain security restrictions, or cause a DoS (Denial of Service).

tags | advisory, web, denial of service, local, vulnerability
systems | linux, redhat
SHA-256 | e9e5e0e75c58e86968b38ab83fbdd35ef6194688be6b3386b9c063dbda5d72dd
Secunia Security Advisory 49258
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, ubuntu
SHA-256 | de81efc353cc1d81580a4cc54586d7dbfa61e4075a5065ec3387124dcc535db7
Secunia Security Advisory 49214
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Astaro has issued an update for openssl. This fixes some vulnerabilities, which have unknown impacts.

tags | advisory, vulnerability
SHA-256 | d74361c510b7e90e0c2644ec604784e99b4fcadff4e89ad2a6a8224d8dd2e215
Secunia Security Advisory 49215
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Henry Hoggard has discovered two vulnerabilities in the FirstLastNames plugin for Vanilla Forums, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | fe16c5441ce5847fe1298a294977bad6550638d56c644f24d316763ae60dcdfa
Secunia Security Advisory 49261
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HAProxy, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
SHA-256 | 2d8aeab6f64e417a22b9135863162f97104c207e66fd443e77b98ab24b02ed70
Secunia Security Advisory 49260
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Mosh, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 776236892d7028235c66c87189f21389dd1d1df019bf6936e4858e68a810acf8
Secunia Security Advisory 49269
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for bind-dyndb-ldap. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 8b50f01398b9d683c729ae407de2d0ec528787aa5ce0517235a8fd070255498e
Mandriva Linux Security Advisory 2012-079
Posted May 22, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-079 - A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in the sudoers file or in LDAP. As a result, users authorized to run commands on certain IP networks may be able to run commands on hosts that belong to other networks not explicitly listed in sudoers. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2337
SHA-256 | aa97ab426de40e17d32a9ab4b7f3c51d0d0f09c2b398834825656f46d2a75c7f
Debian Security Advisory 2476-1
Posted May 22, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2476-1 - intrigeri discovered a format string error in pidgin-otr, an off-the-record messaging plugin for Pidgin.

tags | advisory
systems | linux, debian
advisories | CVE-2012-2369
SHA-256 | e57ae6aa0760a5f43cc903ff3100cee9013a4fa2821d2834ae9efeb3bd7cf380
Ubuntu Security Notice USN-1448-1
Posted May 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1448-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system, leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-1601, CVE-2012-2123
SHA-256 | 9eb4c8e14c0b23d7f2e789a0cc933a87ebbf7d4b85cda35ca1ad7bcc543dadf3
Ubuntu Security Notice USN-1447-1
Posted May 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off-by-one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3102
SHA-256 | ff75da73d756437f5b6ffa8976743570d87fd97f5dd934cc2d3190340c09d3dc
Red Hat Security Advisory 2012-0683-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0683-01 - The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN. This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-2134
SHA-256 | a0bb807657aa4121778e2cad43904858659ee8efe0bbd651d2a059e6b4d9c116
Red Hat Security Advisory 2012-0681-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0681-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | 476d8682a9dc81de542af39a135df9462d83db56715407ea95d50226c75892c0
Red Hat Security Advisory 2012-0679-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0679-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | 69361321d1bf1682c0efc1e8e0c3abaf9cf424352789563207afb0732798160f
Red Hat Security Advisory 2012-0682-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0682-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also addresses multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | a7981af462ded26dc5b525b00d9463603ff70a82bbc57c62341f258e1aba5de8
Red Hat Security Advisory 2012-0677-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0677-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0868
SHA-256 | 99eb758e26ad01db7e3e088f497dd8ec98005e8f4fdef7cb43e51787e609733a
Red Hat Security Advisory 2012-0680-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0680-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
SHA-256 | db2cede27257c0c7eb5afeeba0d2abaa2a7c74f2786187c29b2569f1202cc6a1
Red Hat Security Advisory 2012-0676-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0676-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A malicious user in the kvm group on the host could use this flaw to crash the host. A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user in the kvm group on the host who has the ability to assign a device to a guest could use this flaw to crash the host.

tags | advisory, kernel, memory leak
systems | linux, redhat
advisories | CVE-2012-1601, CVE-2012-2121
SHA-256 | 5ec712624114bd7a62ded7e3e13e0b431d5a90f25d887258c19bd6583197a38e
© 2022 Packet Storm. All rights reserved.
