VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "DocumentViewerImpl::Show()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
5a8e530f261da8290d43f4bfe0c239292f5ff8d72f3e1b7040beafbd9b701dffSecunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
8b11b2967d13e3ded26849ef210ba513392094241eb9abed528937a8aed5e852Secunia Security Advisory - A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service).
ba2da04da292ff0dacb00c4df8fec6951c9f28253e4bc3dd88f6b1d54d01bad8Secunia Security Advisory - Vulnerability lab has reported two vulnerabilities in ManageEngine ServiceDesk Plus, which can be exploited by malicious people to conduct script insertion attacks.
f2c8ad4820af79432ab9ae3955e7ac0789beda59c53668e1c6c9b6908ab08cafSecunia Security Advisory - Julien Cayssol has reported a vulnerability in Synology Photo Station, which can be exploited by malicious people to disclose sensitive information.
3be5b46d5361090d126ad0adbf7704a61d183dd5ce049b6472644228c0f6ed78Secunia Security Advisory - A vulnerability has been discovered in WibuKey Runtime for Windows, which can be exploited by malicious people to compromise a user's system.
45ef6e56dd3a165aa40e9befd41b7be705f8ba498a83106e031dcb9af4344f15Secunia Security Advisory - Ingress Security has discovered a vulnerability in jBilling, which can be exploited by malicious people to conduct cross-site request forgery attacks.
dc243ca9371074e2d2e4ec396a8c616c2dbe8a77e54384eca9ab28cfe113fafaSecunia Security Advisory - A vulnerability has been discovered in OpenBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
52a834674389e78d1d6edad3245c756ad34424fb5d62c4beea2c53c998123ca2A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue is similar to the one reported in oCERT-2011-003 and concerns the MurmurHash algorithm family. The condition for predictable collisions in the hashing functions has been reported for the following language implementations: JRuby (MurmurHash2), Ruby (MurmurHash2), Rubinius (MurmurHash3), Oracle JDK (MurmurHash), OpenJDK (MurmurHash). In the case of Java OpenJDK the hash function affected by the reported issue is not enabled by default, the default function is however reported vulnerable to oCERT-2011-003.
6158aaf285af06ef9ef0b5c3fb1ac4513de61a3ac22d037a2d66fa0654d3a613FreeBSD Security Advisory - FreeBSD is binary-compatible with the Linux operating system through a loadable kernel module/optional kernel component. A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation. It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privilege escalation or cause a system panic.
6702f60b55d6453bd757f5c5f78ebb7b3615928a68a5c006f536a774870013bfFreeBSD Security Advisory - The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages. A remote attacker could cause the hostapd daemon to abort by sending specially crafted EAP-TLS messages, resulting in a Denial of Service.
2e64da0ea32a2dac049fee64d2e2a83e329082a4961e1f7560ffefb7f8cc5160FreeBSD Security Advisory - The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA. A remote attacker can query a resolving name server to retrieve a record whose RDATA is known to be larger than 65535 bytes, thereby causing the resolving server to crash via an assertion failure in named. An attacker who is in a position to add a record with RDATA larger than 65535 bytes to an authoritative name server can cause that server to crash by later querying for that record. The attacker can also cause the server to lock up with specific combinations of RDATA.
06e1aee7809f7e8aa741e07c76a29eb43443068d25922ef3f329e9890d2bf998Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
adf8111d665f3a46a324885a6c9a7d02bae0571ab36a5bde6b53d6b571145526Debian Linux Security Advisory 2576-1 - Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing a of input validation. Using carefully crafted input, it can lead to a denial of service by making the daemon crash with a segmentation fault.
800af7d0630c558f72202a51ab53232166e3ed09332a713e3e5689149fd3c4f5Red Hat Security Advisory 2012-1485-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
5800d65e57ad9bb4e73df7eaa0bf267ac6bcb62d0f916aca821a78511a0157d9Ubuntu Security Notice 1639-1 - It was discovered that unity-firefox-extension incorrectly handled certain callbacks. A remote attacker could use this issue to cause unity-firefox-extension to crash, resulting in a denial of service, or possibly execute arbitrary code.
725ac6c165fe02ee10a51066b105b9aea48d1b95568665478b3c69d1c88f5843Secunia Security Advisory - ReVuln has reported a vulnerability in Call of Duty Modern Warfare 3, which can be exploited by malicious people to cause a DoS (Denial of Service).
74ae4696c1690a30b0918055fc1a5eb30c489119c5e4523dc2362020cf1e00caSecunia Security Advisory - Ubuntu has issued an update for tomcat6. This fixes a weakness and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
7cb59ea2e45d8333ddd3b466f12449c124b01db49e998b327743b090a28cfb0cSecunia Security Advisory - High-Tech Bridge has discovered a vulnerability in dotProject, which can be exploited by malicious people to conduct cross-site scripting attacks.
9254f30b6bc9e99898900c97f26701aeede9c5d8b3800b5e3810b05450eeab14Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya Call Management System, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
7e289a6e4af084024ca3b3175510fcf37297a5b6d02e08fed1a3d4c1de4d0048Secunia Security Advisory - High-Tech Bridge has discovered multiple vulnerabilities in dotProject, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
eeea1944294076d423641a51cc2075fc77766ddab9325f5699f12aef28bab64cSecunia Security Advisory - Two vulnerabilities have been reported in Feng Office, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
033c24c702e8b144736cb6bf26738d0caca812541fa1d03e1cd442f12b0388a8Secunia Security Advisory - SUSE has issued an update for java-1.7.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
5916af721afbab5dc6b13fe9a2a4ce94c3a911d2d68f7e1c03282a8abbb29ecaSecunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
072dd70eed54a592832d4588a549e408d601ebb51dc0c48d38fec0072b372619Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
74a413a72b87d02f434300b001cca1f8c74a546e8b2b4f58a788f62b513f185c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed