Ubuntu Security Notice 1805-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.
f8ed7e9055b2ef3f668acf428f2af9356368d82637507c163b57ec94d86ab878Mandriva Linux Security Advisory 2013-145 - Multiple security issues were identified and fixed in OpenJDK Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code.Note: The fix for changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Various other issues have been addressed.
f5a337abcb62a9be911da906dbbb2c5adabc27e9e1f740efcb9580a4464d520dVUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an object confusion error when processing malformed Real Time Messaging Protocol (RTMP) data received during the initial phase of communication with a server, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page. Adobe Flash Player versions prior to 11.7.700.169 are affected.
a61b22a16c3befda80224c940393c4411503ad1032eee6935dce23f0995ad911Mandriva Linux Security Advisory 2013-146 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of web sites that allow uploads of specific file types, known as a GIFAR attack. The updated packages have been upgraded to the 1.3.2 version which is not affected by these issues.
6a800acd6316f93d877e8a880e22d06e913d32abbff3cf0de8bb088e7caf5a4cUbuntu Security Notice 1804-1 - Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. Various other issues were also addressed.
94c8dfb69cab90f5b36b1712850ba1638f4dec59b36eedbe93064a48b933ad10Red Hat Security Advisory 2013-0758-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
d2698820e52d08b651a6e30af5fc62e23be5567381406f5cc97b4365e26f9490Red Hat Security Advisory 2013-0757-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
47290146682a8b45735896f0b78050379327bfe0efde7613362febef95f674bcDebian Linux Security Advisory 2662-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
c154b1d7b7e208460374fd11a98c3333c72d0fcea6d6be680aefae238a806dfdVUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by a heap overflow error within the JavaFX component when decoding certain video frames, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.
a2eb4b5d305a7ac6991835ccb5811297e7d48909f1c506568314ba2a5970316cTechnical Cyber Security Alert 2013-107A - Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle strongly recommends that customers apply CPU fixes as soon as possible.
2bc33c1159b0fcbf4383d5702e542342e6335e5d00c4f2e7df5b6d43cc1a63a6Cisco Security Advisory - Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify any information in the NAC Manager database. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.
0b2fd9431ac6f3023d470247efac603d079d9cd4168dd50bc6a519460459b72fUbuntu Security Notice 1803-1 - It was discovered that the X.Org X server did not properly clear input events in certain circumstances. A local attacker with physical access could use this flaw to capture keystrokes.
0a8fc43b37e93e1260e0124d3f96f99613c73e4adbc0f22dda8909721d36cfa6Debian Linux Security Advisory 2661-1 - David Airlie and Peter Hutterer of Red Hat discovered that xorg-server, the Xorg X server was vulnerable to an information disclosure flaw related to input handling and devices hotplug.
ddec4e210a037caeffbc9a414e249bc38399f5e30f17b1044f4ffdad14f56b69Red Hat Security Advisory 2013-0753-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser.
c1ce692c1521d0837522bfb3b37e40034340611dd97379e2d399b43394575abeRed Hat Security Advisory 2013-0752-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
41d947531ed3d252e75fac4e4c2beb0c11832cfe342063df05ef1bf45c210ec0Red Hat Security Advisory 2013-0751-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
3dd79f78440b623f915a9d88a18803f2cbd13f584293a3ef010118bc0dbab5b8Cisco Security Advisory - Cisco TelePresence multipoint control unit (MCU) and Cisco TelePresence Server contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the reload of an affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
119f45014590ba7857394b2b18f4cc8f0f389955b9862b725e9ebc23bf070330Drupal elFinder File Mapper third party module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.
1b78014778f58c0e69085bc915cc9663c2fb554fe12306c3d14bff605cae1d2aApple Security Advisory 2013-04-16-2 - Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available and address many vulnerabilities in 1.6.0_43.
729975cdb6190f6a342d07628259c73bcd3f36b80d4cc898f7e442db272605acApple Security Advisory 2013-04-16-1 - Safari 6.0.4 is now available and fixes one vulnerability. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.
3a89ff7462c5244bed37bf3530980d2b9d9ba36623eb4725d574dfba20f33962Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. These range from cross site scripting to header injection.
e2706921a9718e5f1888014c099073f64e4fae60be06edb06264c9b991a2542eDrupal MP3 Player third party module version 6.x suffers from a cross site scripting vulnerability.
2931075252225a999b92df8d82e9a2f8c28184385f1e001b9b5203c4e7a1ce8fDrupal Autocomplete Widgets for Text and Number Fields third party module versions 6.x and 7.x suffer from an access bypass vulnerability.
f18968b9cd445e48ab19924ba4ec5903416dee4fa2067746d5a3b81b696ee5b6HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities. Revision 1 of this advisory.
d6c34385da1a0269af4fc2c91e93b32c176acbb9b42ae7cafb46c63ea03bc087SAP Basis Components versions 4.6B through 7.30 suffer from a remote command injection vulnerability.
439e261026af63ba9c8aeee51164c2ae9e2259c65267679fcd1b65b7fa4df04f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed