Mandriva Linux Security Advisory 2013-259 - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
d73de32034766dc93737b3ea8cb07c6ae13f7aee39585ad2d16563b6745e2abbMandriva Linux Security Advisory 2013-258 - It was discovered that ICU contained a race condition affecting multi-threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
548ed919c730db114b9bd87b6261a35bd35e86d1171dfc5eb7b59850b01cd652Gentoo Linux Security Advisory 201310-21 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected.
ac99ffc7a59e19273c6f7c08c59b9e2e2bc135cfd07f27fd127001d0bd0ca8d6Gentoo Linux Security Advisory 201310-20 - A vulnerability in acpid2 may allow a local attacker to gain escalated privileges. Versions less than 2.0.17 are affected.
aabf1d5fd5c7875c07a261f92c1372e4e767ccd10a4f2bdc817de1fb02971c38Gentoo Linux Security Advisory 201310-19 - A path vulnerability in X2Go Server may allow remote execution of arbitrary code. Versions less than 4.0.0.2 are affected.
1b4d8c2d5d5e5cc903e0656136ff595271108c26520fa60e84ddf1fb892a61a6Debian Linux Security Advisory 2786-1 - The Google Chrome Security Team discovered two issues (a race condition and a use-after-free issue) in the International Components for Unicode (ICU) library.
fff614ff927cf78e679c00b762b70597a0e8fafbaa8f65901ab464f3c04fa797Gentoo Linux Security Advisory 201310-18 - Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to Denial of Service. Versions less than 2.12.23-r1 are affected.
dae2553c4427a86dc8b3c9a695288ffe228b8243b84bee882ce07c7536efbf41Gentoo Linux Security Advisory 201310-17 - pmake uses temporary files in an insecure manner, allowing for symlink attacks. Versions less than 1.111.3.1 are affected.
720961ebfdd7c172ab996cfa7fe9379f3ed54bc16906d9e466e5d2cf72806d13Debian Linux Security Advisory 2787-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution.
16835cafc45de428b561f8da656aead6d60655755a053be0641fc356c2a3e1f6Debian Linux Security Advisory 2785-1 - Several vulnerabilities have been discovered in the chromium web browser.
48628ebb43be4560f718b05e27f8d8a4debb8f5353ec1e118afdb50298d992fdGentoo Linux Security Advisory 201310-16 - Two buffer overflow vulnerabilities in TPTEST may allow remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 3.1.7-r2 are affected.
8ea7d93b3f09f11db13f0a5774d837544a744a76e8540d8d14e2145af3fda22cGentoo Linux Security Advisory 201310-15 - Multiple vulnerabilities have been found in GNU Automake, allowing local arbitrary command execution with the privileges of the user running an Automake-based build. Versions less than 1.11.6 are affected.
c4712ff82db88c59238cb2745a8aefc2c8dff9ef3b49bb02939e39dc4769bc18Gentoo Linux Security Advisory 201310-13 - Multiple vulnerabilities have been found in MPlayer and the bundled FFmpeg, the worst of which may lead to the execution of arbitrary code. Versions less than 1.1-r1 are affected.
08965766fcae25256090b4e385c2d0b3cb8116f70820f4e55055009d3309d422Gentoo Linux Security Advisory 201310-12 - Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected.
d23e903782e194c3e161da651dead966b61dd687650a2ec514384ffd8de17b78Gentoo Linux Security Advisory 201310-14 - Multiple vulnerabilities have been found in Groff, allowing context-dependent attackers to conduct symlink attacks. Versions less than 1.22.2 are affected.
4c8b8107de41173ce0db5640699699fd0f4ae5cfcb10a6a2cf1b52bf8d21c739CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability can potentially allow a remote attacker to conduct a cross-site scripting attack and execute script in the security context of the SiteMinder domain. Customers should review their SiteMinder deployments to verify that the vulnerability mitigating functionality is enabled. Versions 12.51, 12.5, 12.0 and 6 Web Agents are affected.
7484ac45d17585798083790d7030a16af3adf9a7edd7018fd77567ee3e3aaf5cDebian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem.
7166a2e1c6865221cfe34af826a8c7a766cf04432e78842feb087c02e0f3fe25Ubuntu Security Notice 2007-1 - Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information.
b01329a47b0a84943e0929f31ba03f709200ed7f5762f7a5ad9544c85128d498Ubuntu Security Notice 2008-1 - Ralph Loader discovered that Suds incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.
bf71a760565d6513e96914418c72277da4c645c885cd2d33c760bcdbfcb9f300Ubuntu Security Notice 2006-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to MySQL 5.5.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
cb8de417ff7f62570e9cf059820b5b3e849c9637f24c9974857bfb156a0ab65fRed Hat Security Advisory 2013-1459-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use.
66f4f380227d5284e4fe726da477005d273d6e0b0babb21afcad548a7d3c4cc5Red Hat Security Advisory 2013-1458-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.
4ed140d307f2bb993d4c7916c9f09e01858d795fc86538c67ede4581485941e0Red Hat Security Advisory 2013-1457-01 - The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.
f0bc34c54d779918b986683d5fd801d334fea4b81db30f56c90de612a52fd94cDrupal Bean third party module version 7.x suffers from a cross site scripting vulnerability.
5e97713fe4414c722908505802236b453b4140bd483353df1873c0b578da4978In certain circumstances, RSA Authentication Agent for Web for IIS protection can be bypassed due to a fail open flaw in the agent. Versions 7.1 and 7.1.1 are affected.
1d9bdb134e4d458497e0ceca42b57c05550f4701f6e3aab2e693ee71a6cf1843
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed