Debian Linux Security Advisory 3234-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
def56cbcb5f101f29f12a80e59378f7d3c5ab84852759f935899affe26802977HP Security Bulletin HPSBHF03272 1 - A potential security vulnerability has been identified with certain HP Servers with NVidia GPU Computing Driver running Windows Server 2008. This vulnerability could be exploited resulting in elevation of privilege. Revision 1 of this advisory.
6f1f421351008007e3a045e814596974c41a38fe81042dad57f84ddde4fac716HP Security Bulletin HPSBPI03315 1 - A potential security vulnerability has been identified with HP Capture and Route Software. The vulnerability could be exploited remotely resulting in information disclosure. Revision 1 of this advisory.
0f53330b8863493f6bd516603fdd709e7343a9179ad79258fa39a93bd5f98e51Debian Linux Security Advisory 3233-1 - The Google security team and the smart hardware research group of Alibaba security team discovered a flaw in how wpa_supplicant used SSID information when creating or updating P2P peer entries. A remote attacker can use this flaw to cause wpa_supplicant to crash, expose memory contents, and potentially execute arbitrary code.
cbf11d3c2811cfc3822a030648d7fd3606b6426e0b3081e97749187e44a2873aOpenFire XMPP versions 3.9.3 and below incorrectly accepts self-signed certificates potentially allowing for spoofing attacks.
d26c2fe0c0cc3b4027d438b3b2eba60b5fcea46aa1cc48496aed16c4a47ece9eUbuntu Security Notice 2571-1 - Robert Kaiser discovered a use-after-free during plugin initialization in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox.
d1ecdc8415b2df26cb92c366dca7a5d657231bb6a63cd603887be34dc22916d4Red Hat Security Advisory 2015-0884-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. All novnc users are advised to upgrade to this updated package, which corrects this issue.
7537486bde6230c7e70cace23d5c5d3bf77dce63d7ddb051bdae0a85496238ffUbuntu Security Notice 2577-1 - It was discovered that wpa_supplicant incorrectly handled SSID information when creating or updating P2P peer entries. A remote attacker could use this issue to cause wpa_supplicant to crash, resulting in a denial of service, expose memory contents, or possibly execute arbitrary code.
2279e6e2ac03ad8f13aa40eceaf5e03cab1e3b0eb08e72e03a747b70f05a2ffcUbuntu Security Notice 2576-1 - Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.
e4168614543efb3387f9b85d0e927ff750f006c5190161c6b8ba4fc4b5c04da2Ubuntu Security Notice 2576-2 - USN-2576-1 fixed a vulnerability in usb-creator. This update provides the corresponding fix for Ubuntu 15.04. Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges.
e8d76a6c30bc2003f499f1da7592ef43ae21b9dc020edfc72a2265a142333221wpa_supplicant version 2.x on Android suffers from a heap overflow that can lead to memory information leaks and remote code execution.
01ee6f07cd1dc7ed4b4d9fe43c5c2e39e7896e387437595d2ed70ee28df47ecbDnsmasq version 2.72 does not properly check the return value of the setup_reply() function called during a tcp connection (by the tcp_request() function). This return value is then used as a size argument in a function which writes data on the client's connection. This may lead, upon successful exploitation, to reading the heap memory of dnsmasq.
15ce37ec8c0427813ec7b2856b386f96b7f86c6dd544e1d7626c85e4d9919940Magento eCommerce suffers from authentication bypass, local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.
b1bb0bc0421bad1545aa417e1a52602a15ab67d91412ccd0951fcf453a82a036Debian Linux Security Advisory 3232-1 - Several vulnerabilities were discovered in cURL, an URL transfer library.
6e86f20ed47c4e7cfc2468ed008bfa64388d16455652fa11cf828b15cf453f31Red Hat Security Advisory 2015-0869-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM's Write to Model Specific Register instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.
26225351ab56061b5da1791a123ec8764b904a911c83218c2500c2ca7e8fef8fRed Hat Security Advisory 2015-0870-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system.
9f2d0329dd85d46f5eed463422fa259961159397119b8a8180ae691e2b71e409Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
7c17abb86d4231b87b033da9d23176208cda435cc8ac6d37f56333750ace636fSlackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
6226887b79182f2879fc61785788eeaa7e5a8629c7a587dcfebb9b97fe79d104Slackware Security Advisory - New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
fabbf00be913fbc1ea322e0c9f5f56231cc9f149ec2cb6f5840f0655e2e5c915Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
ce08e480bab8400e8443fea5fd46d3214d00916ac2d7a30ff9d78c085b25b805Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
3a0f7c0ad6c6d8f3a18498acb84b48b76b0a8d05e934b6cfca87447479bf8a8aSlackware Security Advisory - New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
97da8a8f846347404ac0427633ddc66222c5b7357000fbdadd6e7a16f4c38fa8Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
887f44359723d57083b4ff5a78b8cdd231efcb087fa0cda54dff6fe2ec6cf3a1Slackware Security Advisory - New ppp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
7a48ee5a01b2016c74691deaae312c4964ac9f83da93f71edd58f4c7ac804936Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
99ad1abcd26dab08695811257c2998e0a30dd4949338dc99aae75015340fafe9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed