
Files

Sketchup MAC Pict Material Palette Stack Corruption
Posted May 31, 2013
Authored by Felipe Andres Manzano

SketchUp is a 3D modeling program marketed by Google (2011) and designed for architectural, civil, and mechanical engineers as well as filmmakers, game developers, and related professions. SketchUp fails to validate the input when parsing an embedded MACPict texture. Arbitrary code execution has been proven possible after a malicious texture, thumbnail, or background image triggers a stack overflow. The issue can also be triggered when Windows Explorer reads the embedded thumbnail in a .skp file.

tags | advisory, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2013-3662
SHA-256 | 5d7db50f9ade70ce95f84ac3b672882ffe82ae29e7be793a09e28762eee3b890
Red Hat Security Advisory 2013-0882-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0882-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-4461, CVE-2012-4542, CVE-2013-0311, CVE-2013-1767
SHA-256 | 43d73db1f21655d27f27accef38ee47638229ca88b3abd0e8748d5cc1d891f5d
Ubuntu Security Notice USN-1844-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1844-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
SHA-256 | 4409b80c2843ed529bb54b7d7acd3f9b916a978cdac0aa546fef60448aec5db3
Ubuntu Security Notice USN-1845-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1845-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
SHA-256 | 236b6aff2c79a317ab4d298f4c129862591d012f2be82c8d084b46dc248b039c
Ubuntu Security Notice USN-1846-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1846-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
SHA-256 | 5ab8ac57eda21b5218bbbe540e901ebdbfcd54a58d00f96be06a2d53858d2d3b
Ubuntu Security Notice USN-1847-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1847-1 - Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-2850
SHA-256 | 4b4cc12dc316dfcf4ed9fc46a7e2298395f2724b58d0f4d7dcf100b53a1345d0
Debian Security Advisory 2697-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2697-1 - It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2116
SHA-256 | 20fa1ae17a3faa746d6808e1c768335a12673ba1fd3c272301749bf74dff189d
Mandriva Linux Security Advisory 2013-171
Posted May 31, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-171 - A flaw was found in the way GnuTLS decrypted TLS record packets when using CBC encryption. The number of pad bytes read from the packet was not checked against the cipher text size, resulting in an out-of-bounds read. This could cause a TLS client or server using GnuTLS to crash. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2116
SHA-256 | 68431e763d85fa3134cf3d5c54bd7d49e4e83ec88fc89118c8ee33167cad8e68
Red Hat Security Advisory 2013-0883-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0883-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-2116
SHA-256 | 985b08bb5e85e3bdab1ce08986444bf23688b3dd64bb4f77591741bf2232aaad
Red Hat Security Advisory 2013-0884-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0884-01 - These packages provide a transport-independent RPC implementation. A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically allocated. This could cause an application using libtirpc, such as rpcbind, to crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1950
SHA-256 | a5ecdbd6b37ef113140868d948650ffb7b0c8096abb720e8f5221c55218846a7
Debian Security Advisory 2696-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see the contents of tickets they are not permitted to see.

tags | advisory
systems | linux, debian
advisories | CVE-2013-3551
SHA-256 | 640ea9174e71b305a5f1b339da29ee15b1585728d406cc4960dddb989aadb1bf
Debian Security Advisory 2695-1
Posted May 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
SHA-256 | a1be0c732a451012a3ce3790491e07d11ec1d79c4b31ee3517a8f1106d62c7d6
Ubuntu Security Notice USN-1838-1
Posted May 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1838-1 - A flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2094, CVE-2013-1929
SHA-256 | 56988ff0df6a0f61b5822639fca00113441c09201b2d0bff164ced0de152ac12
HP Security Bulletin HPSBPI02869 SSRT100936 2
Posted May 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02869 SSRT100936 2 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2012-5221
SHA-256 | a9dca3c4825c47cafb0724eda81a516435346a85ffcf387d5a0d688c432d4542
Drupal Node Access User Reference 6.x / 7.x Access Bypass
Posted May 30, 2013
Authored by Jamie Wiseman | Site drupal.org

Drupal Node Access User Reference third party modules versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 72f47a6a6e6973e3e39622ab4cf8126f6e774ec94630c12a495bf132fb669943
Drupal Edit Limit 7.x Access Bypass
Posted May 30, 2013
Authored by Morten Fangel | Site drupal.org

Drupal Edit Limit third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | d0b1f3c120e9f1a008b287af7cf39f84172469dc6999e6905fa78ed4ce37085d
Drupal Webform 6.x Cross Site Scripting
Posted May 30, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Webform third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | fc0733d2cdfe52857e64d1f24c632b9b84ebd4e0e9019f5fa3d341a4c0fbbe16
ZoneDirector User Authentication Bypass
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.

tags | advisory, web, bypass
SHA-256 | 490680f010ed632a71b903374189cc43de53208be861742cff821a065866c2aa
Debian Security Advisory 2695-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
SHA-256 | a1be0c732a451012a3ce3790491e07d11ec1d79c4b31ee3517a8f1106d62c7d6
Ubuntu Security Notice USN-1843-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1843-1 - It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2116
SHA-256 | bdf64ce78ce70768d1fe3ce67fda771767ed7e96de1d354350dab867eaaad7d3
Ruckus SSH Server Tunneling Issue
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices.

tags | advisory, tcp, bypass
SHA-256 | 3c7292de3b3be1ee12992e0ae63f056545cf432aee257c5c37c07bd209db55b4
RSA Authentication Manager 8.0 Injection / Disclosure
Posted May 29, 2013
Site emc.com

RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2013-0947, CVE-2013-1899
SHA-256 | 51025b283bf7b06aa4e48a2045497a92ea112092445f55c38c3447b5bb77e3c5
Mandriva Linux Security Advisory 2013-169
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-169 - A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process. Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0219, CVE-2013-3571
SHA-256 | be1c65865610ffa4ea64d482af3d1506e85a734aee82c78be916717a870a7144
Debian Security Advisory 2696-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see the contents of tickets they are not permitted to see.

tags | advisory
systems | linux, debian
advisories | CVE-2013-3551
SHA-256 | 640ea9174e71b305a5f1b339da29ee15b1585728d406cc4960dddb989aadb1bf
Ubuntu Security Notice USN-1842-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1842-1 - It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2013-2074
SHA-256 | 5c9dfe86b629e13c70465ca13b50699af22a4c89469cb4a7e9f48576a2adb371

© 2022 Packet Storm. All rights reserved.
