Ubuntu Security Notice 1668-1 - Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certain variables in the apport-bug shell script.
df9e58013e69b4fde3e825db068c7ca9fc1c28b8b1e64fdf317a7448bbcf30a0Red Hat Security Advisory 2012-1577-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. As of October 1 2012, IBM J2SE 1.4.2 is no longer supported for use with SAP products. All SAP users should migrate to SAP JVM 4 provided by SAP as the only supported Java Virtual Machine. Refer to "SAP Note 1495160 - SAP JVM replacement for Partner JDKs 1.4.2" for additional details. These java-1.4.2-ibm-sap packages provide the last SAP certified IBM J2SE 1.4.2 release, SR13-FP13.
a43700d6ba0bc0574467857824d4435add3e4282a47fc4dc060447e3c6ab3d02Debian Linux Security Advisory 2589-1 - The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code.
3ac4548e675387d7bd6ae0cf7e8dbce981647779ac6fc5142b558d8aa6c6c145Ubuntu Security Notice 1667-1 - Julius Plenz discovered that bogofilter incorrectly handled certain invalid base64 code. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service, or possibly execute arbitrary code.
02c9705e1cbd1923e513a5e01cd882df617228cba48ea98cd940faf6f4cd1488Debian Linux Security Advisory 2588-1 - Multiple vulnerabilities have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.
efb4a9141889fdb33abe81a021b698dc39bafb83a76d61ebabbcc1cb67866cc1Ubuntu Security Notice 1666-1 - It was discovered that Aptdaemon incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
42c16fb115783c46c14f38bed8c9cbdf8ad2e0cc19ff88ef969a9f2f6594d0c1Ubuntu Security Notice 1589-2 - USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates exposed a regression in the floating point parser. This update fixes the problem. It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5ede9c10aca0d60fd34b94b3e266cb77e4930fe9a283734c9b84820f56b74a90Mandriva Linux Security Advisory 2012-180 - CGI.pm module before 3.63 for Perl does not properly escape newlines in P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. The updated packages have been patched to correct this issue.
19ab60ea5b5148e621788d3fb0be25b507bfbb91c924e4f9f8e25f7420419f2dSecunia Security Advisory - Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
5cd303ae046d27cae830ee20e75672bccf62f4eb787e1a5f5b0e67d740a82926Secunia Security Advisory - Debian has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
4f0e1e6007d31acf8221a837ff68869bcd4362fd74f7c5d349cc12528ae5db0fSecunia Security Advisory - Two vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.
3e3e843c3ab9d5a2632e91da475fe2def18a8393cd088e4055ab885751c6f018Secunia Security Advisory - A vulnerability has been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks.
eaf74dd20dc26bb1c670c707cef680ec66d82b25233d3e51b1da21860b0f5b09Secunia Security Advisory - IBM has reported a security issue in IBM Advanced Settings Utility (ASU) and IBM Bootable Media Creator (BoMC), which can be exploited by malicious, local users to perform certain actions with escalated privileges.
2b84c8f0eb440e65d1f0d1500fedebd4a8930f78aa286b444ab4ccd431e65965Secunia Security Advisory - A vulnerability has been reported in Squid, which can be exploited by malicious users to cause a DoS (Denial of Service).
675114c75e2f106f1798b87843341cf50c68a54dd11a10a1a362627784eddf4aSecunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
4127480c830dd5cdea0a33fe7d136e0496a58346bc3155242148184892f04753Secunia Security Advisory - A vulnerability has been reported in TWiki, which can be exploited by malicious users to cause a DoS (Denial of Service).
6cd48fb1fbb9be0d60bfff96f90d8443fbe696f5814e9c35a25574b9ebf16b5aSecunia Security Advisory - Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions.
3bf2b07c7c81c82aa3f229b1d95f0c6ceebf0af5170b76397bbaf83eb3fda930Secunia Security Advisory - SUSE has issued an update for bogofilter. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1a0c3b5e00136363dbc95bdc27aa009eb3106d10c34705b6e9430163407d0d25Secunia Security Advisory - A vulnerability has been reported in Foswiki, which can be exploited by malicious users to cause a DoS (Denial of Service).
3ccc10020e75f2c1454e216e338e0a12b054e85cbca6195a14d7c3df73e829efSecunia Security Advisory - A vulnerability has been reported in OpenPegasus, which can be exploited by malicious users to cause a DoS (Denial of Service).
3c9f4915d46add081325942910df70a97c16c71eeb4ca1fd0ab9920263e388a4Foswiki versions 1.0.0 through 1.0.10 and 1.1.0 through 1.1.6 suffer from code injection and denial of service vulnerabilities.
777c5306e69ec99defa86aab14d0af12fc152b9499f1a6b5e5231a78d1e8095dThe tunnel-server component of the VMware View Connection Server fails to ensure that each requested URL refers to a file that is both located within the web root of the server and is of a type that is allowed to be served. A remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server's underlying root file system. This can be accomplished by submitting URL encoded HTTP GET requests that traverse out of the affected subdirectory. Vulnerable versions are VMware View 5.x prior to version 5.1.2 and VMware View 4.x prior to version 4.6.2.
14e01b0fa8f4481ea0b38ddb0478d93a93097b2da5dc0b8af3f6b84b2bbe854aNetgear WGR614 has a hardcoded credential for serial programming on an EEPROM. It also keeps several copies of configuration files with your credentials stored in the clear.
2bb56f7850c6576fdef3742586bb53b3f888d40e081cae157574d40c64a4ed92D-Link DCS-9xx series IP cameras suffer from a password disclosure vulnerability.
1ec3da2aed4e0a0ef0caa704aeb0426c74f0343bdd8649265dce37220e1b09edSecunia Security Advisory - A vulnerability has been reported in IBM Lotus Notes, which can be exploited by malicious people to conduct cross-site scripting attacks.
b755223f66b7b0c5cfc2428752dd7cc5c14339843342a9ba6a03de9866423bb4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed