Ubuntu Security Notice 2010-1 - Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. Jordi Chancel discovered that HTML select elements could display arbitrary content. If a user had scripting enabled, an attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks. Various other issues were also addressed.
0c6808080c7cedb8770ce4507d3e211181be6fbe5089acc561b682ec9cd4352dRed Hat Security Advisory 2013-1490-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.
940f925cc01d5946698f3c8f547317f6ac1c6b045d85b6aabe0408192318c0ecMandriva Linux Security Advisory 2013-264 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by these security flaws.
2d83524add9483617df11c7c7f0b74ea9124d1053549342cd71184886957c77fDebian Linux Security Advisory 2788-1 - Multiple security issues have been found in iceweasel, Debian's version other implementation errors may lead to the execution of arbitrary code.
a6fb9434789c59d2f49dcdd2676f826a9246d6ecf38d0a3b3eea51e3b8576b56Drupal Monster Menus third party module version 7.x suffers from an access bypass vulnerability.
5f32cfab027ca0d07ba7fab6164b0dc9fd923321eb5c5953e98eda5d404733ccDrupal Feed Element Mapper third party module version 6.x suffers from a cross site scripting vulnerability.
01cf946f719793e7ae7380155b2b0b7156b6a797638bf67b2979cd46095751d9Cisco Security Advisory - Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains multiple denial of service vulnerabilities. Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services processors (ESP) card or the route processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition. Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.
361ac4c153e8e11f536ad24f61820d6d7753f7b1fcd84608dab5bf0e4c189047Drupal Quiz third party module version 6.x suffers from multiple access bypass vulnerabilities.
8b66e8062097fa6122f4a71d4ddb7e4911f0921fc0d6a5896c58cac8d8678c07EMC Unisphere for VMAX versions 1.0, 1.1, 1.5, and 1.6 suffer from an LDAP related information disclosure vulnerability.
284ce5088a33d17b96440bdf977da0257ddd9dcfb8aff5275fc57088bf34402bDrupal FileField Sources third party module versions 6.x and 7.x suffer from an access bypass vulnerability.
c2a6873038096514898f156b6894638a36a0ea0f9ec50e33e715d4526442147eRed Hat Security Advisory 2013-1482-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.
b5a45ef51060858c390feddca19477f6f58524646a058045ef2e601887f94069Red Hat Security Advisory 2013-1480-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thunderbird JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird.
40d9e3609e2ba6d5725de6c60f3b0d183f1965ed065fe0107fe94369a0aefb3fMandriva Linux Security Advisory 2013-263 - It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution. The updated packages have been patched to correct this issue.
8d50b6112b0546125f273c950799e408ec087e55a01ae26499b797a02f8ab996Ubuntu Security Notice 2009-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered that HTML select elements could display arbitrary content. An attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks Various other issues were also addressed.
8e63ed5e393428544209ac043e79fe9e8a1b315c5dd1c5295543d51b893c2332Red Hat Security Advisory 2013-1474-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
421517e84fef6199d6a8b6d04a30c460895840aad9a34f2200a564e579c0e8d5Red Hat Security Advisory 2013-1473-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
19d0b0a6756280e6ad7abc839d934e1c7d02df663ce5a760e3d3995cc5dd185eRed Hat Security Advisory 2013-1460-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state
43b8878126f2d8197447500e23a48bae3a714f62c8fe52e9b08b96ce1e28e43cRed Hat Security Advisory 2013-1476-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Firefox JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox.
3c068c36e9c152a2f1a4ccdcdcc11b5f3b52e6eb75250554572367439033c82aRed Hat Security Advisory 2013-1475-01 - PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service or disclosure of certain portions of server memory. A flaw was found in the way the pgcrypto contrib module of PostgreSQL initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks.
f016163d3aebfd09fc79cc341c042bd891dacb31ae347f0f6ee3492cc8ebf390A vulnerability exists in EMC NetWorker that could allow exposure of sensitive information under specific circumstances. EMC NetWorker version 8.0.x is affected.
b065e24f0863cdfea51436716d40a59d9aba6197e39dffe532a7b7eaa0bf18e2All Google Play Billing Library 3 versions before Oct, 8 distributed via Android SDK and marketbilling on Googlecode are susceptible to impersonation and signature verification vulnerabilities.
f68f31523fe048d0a532378407c09820e34245d3b9aac37fc00b428562210019Nagios Looking Glass versions 1.1.0 beta 2 and below suffer from a local file inclusion vulnerability.
b559942ca1d79679b01289352c21da35b85fe34317420496d47a3ec476513f4aMandriva Linux Security Advisory 2013-262 - In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal sensitive information or cryptographic keys to remote attackers.
5fc98e0d42f5fd76de60ac4145a29bc092240bcb14f6ed7ad75cba5b75bbecb6Mandriva Linux Security Advisory 2013-261 - Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59. Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in dropbear before 2013.59.
aba56fe4695484e1274e59199138625389fdcdffdb016feda736408ca221f0e3Mandriva Linux Security Advisory 2013-260 - Multiple vulnerabilities have been discovered and corrected in x11-server. The updated packages have been patched to correct these issues.
50969d2a09bdf2e48ce14b12843f678f7e90396dd3d3c735132e96cfb2be5013
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed