Ubuntu Security Notice 1668-1 - Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certain variables in the apport-bug shell script.
Red Hat Security Advisory 2012-1577-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. As of October 1 2012, IBM J2SE 1.4.2 is no longer supported for use with SAP products. All SAP users should migrate to SAP JVM 4 provided by SAP as the only supported Java Virtual Machine. Refer to "SAP Note 1495160 - SAP JVM replacement for Partner JDKs 1.4.2" for additional details. These java-1.4.2-ibm-sap packages provide the last SAP certified IBM J2SE 1.4.2 release, SR13-FP13.
Debian Linux Security Advisory 2589-1 - The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code.
Ubuntu Security Notice 1667-1 - Julius Plenz discovered that bogofilter incorrectly handled certain invalid base64 code. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 2588-1 - Multiple vulnerabilities have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.
Ubuntu Security Notice 1666-1 - It was discovered that Aptdaemon incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
Ubuntu Security Notice 1589-2 - USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates exposed a regression in the floating point parser. This update fixes the problem. It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly executing arbitrary code. It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly executing arbitrary code. Various other issues were also addressed.
Mandriva Linux Security Advisory 2012-180 - CGI.pm module before 3.63 for Perl does not properly escape newlines in P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. The updated packages have been patched to correct this issue.
Secunia Security Advisory - Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
Secunia Security Advisory - Debian has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Secunia Security Advisory - Two vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks.
Secunia Security Advisory - IBM has reported a security issue in IBM Advanced Settings Utility (ASU) and IBM Bootable Media Creator (BoMC), which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Secunia Security Advisory - A vulnerability has been reported in Squid, which can be exploited by malicious users to cause a DoS (Denial of Service).
Secunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in TWiki, which can be exploited by malicious users to cause a DoS (Denial of Service).
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, where some have an unknown impact and others can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - SUSE has issued an update for bogofilter. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in Foswiki, which can be exploited by malicious users to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in OpenPegasus, which can be exploited by malicious users to cause a DoS (Denial of Service).
Foswiki versions 1.0.0 through 1.0.10 and 1.1.0 through 1.1.6 suffer from code injection and denial of service vulnerabilities.
The tunnel-server component of the VMware View Connection Server fails to ensure that each requested URL refers to a file that is both located within the web root of the server and is of a type that is allowed to be served. A remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server's underlying root file system. This can be accomplished by submitting URL encoded HTTP GET requests that traverse out of the affected subdirectory. Vulnerable versions are VMware View 5.x prior to version 5.1.2 and VMware View 4.x prior to version 4.6.2.
Netgear WGR614 has a hardcoded credential for serial programming on an EEPROM. It also keeps several copies of configuration files with your credentials stored in the clear.
D-Link DCS-9xx series IP cameras suffer from a password disclosure vulnerability.
Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Notes, which can be exploited by malicious people to conduct cross-site scripting attacks.