Debian Linux Security Advisory 3234-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
def56cbcb5f101f29f12a80e59378f7d3c5ab84852759f935899affe26802977
HP Security Bulletin HPSBHF03272 1 - A potential security vulnerability has been identified with certain HP Servers with NVidia GPU Computing Driver running Windows Server 2008. This vulnerability could be exploited resulting in elevation of privilege. Revision 1 of this advisory.
6f1f421351008007e3a045e814596974c41a38fe81042dad57f84ddde4fac716
HP Security Bulletin HPSBPI03315 1 - A potential security vulnerability has been identified with HP Capture and Route Software. The vulnerability could be exploited remotely resulting in information disclosure. Revision 1 of this advisory.
0f53330b8863493f6bd516603fdd709e7343a9179ad79258fa39a93bd5f98e51
Debian Linux Security Advisory 3233-1 - The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentially execute arbitrary code.
cbf11d3c2811cfc3822a030648d7fd3606b6426e0b3081e97749187e44a2873a
OpenFire XMPP versions 3.9.3 and below incorrectly accept self-signed certificates, potentially allowing for spoofing attacks.
d26c2fe0c0cc3b4027d438b3b2eba60b5fcea46aa1cc48496aed16c4a47ece9e
Ubuntu Security Notice 2571-1 - Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox.
d1ecdc8415b2df26cb92c366dca7a5d657231bb6a63cd603887be34dc22916d4
Red Hat Security Advisory 2015-0884-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. All novnc users are advised to upgrade to this updated package, which corrects this issue.
7537486bde6230c7e70cace23d5c5d3bf77dce63d7ddb051bdae0a85496238ff
Ubuntu Security Notice 2577-1 - It was discovered that wpa_supplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpa_supplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code.
2279e6e2ac03ad8f13aa40eceaf5e03cab1e3b0eb08e72e03a747b70f05a2ffc
Ubuntu Security Notice 2576-1 - Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.
e4168614543efb3387f9b85d0e927ff750f006c5190161c6b8ba4fc4b5c04da2
Ubuntu Security Notice 2576-2 - USN-2576-1 fixed a vulnerability in usb-creator. This update provides the corresponding fix for Ubuntu 15.04. Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.
e8d76a6c30bc2003f499f1da7592ef43ae21b9dc020edfc72a2265a142333221
wpa_supplicant version 2.x on Android suffers from a heap overflow that can lead to memory information leaks and remote code execution.
01ee6f07cd1dc7ed4b4d9fe43c5c2e39e7896e387437595d2ed70ee28df47ecb
Dnsmasq version 2.72 does not properly check the return value of the setup_reply() function called during a TCP connection (by the tcp_request() function). This return value is then used as a size argument in a function which writes data on the client's connection. This may lead, upon successful exploitation, to reading the heap memory of dnsmasq.
15ce37ec8c0427813ec7b2856b386f96b7f86c6dd544e1d7626c85e4d9919940
Magento eCommerce suffers from authentication bypass, local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.
b1bb0bc0421bad1545aa417e1a52602a15ab67d91412ccd0951fcf453a82a036
Debian Linux Security Advisory 3232-1 - Several vulnerabilities were discovered in cURL, a URL transfer library.
6e86f20ed47c4e7cfc2468ed008bfa64388d16455652fa11cf828b15cf453f31
Red Hat Security Advisory 2015-0869-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM's Write to Model Specific Register instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.
26225351ab56061b5da1791a123ec8764b904a911c83218c2500c2ca7e8fef8f
Red Hat Security Advisory 2015-0870-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
9f2d0329dd85d46f5eed463422fa259961159397119b8a8180ae691e2b71e409
Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
7c17abb86d4231b87b033da9d23176208cda435cc8ac6d37f56333750ace636f
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
6226887b79182f2879fc61785788eeaa7e5a8629c7a587dcfebb9b97fe79d104
Slackware Security Advisory - New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
fabbf00be913fbc1ea322e0c9f5f56231cc9f149ec2cb6f5840f0655e2e5c915
Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
ce08e480bab8400e8443fea5fd46d3214d00916ac2d7a30ff9d78c085b25b805
Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
3a0f7c0ad6c6d8f3a18498acb84b48b76b0a8d05e934b6cfca87447479bf8a8a
Slackware Security Advisory - New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
97da8a8f846347404ac0427633ddc66222c5b7357000fbdadd6e7a16f4c38fa8
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
887f44359723d57083b4ff5a78b8cdd231efcb087fa0cda54dff6fe2ec6cf3a1
Slackware Security Advisory - New ppp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
7a48ee5a01b2016c74691deaae312c4964ac9f83da93f71edd58f4c7ac804936
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
99ad1abcd26dab08695811257c2998e0a30dd4949338dc99aae75015340fafe9