HP Security Bulletin HPSBGN03286 1 - A potential security vulnerability has been identified with HP LoadRunner. The vulnerability could be exploited remotely to allow a buffer overflow. Revision 1 of this advisory.
77e1f0017599d488ff29131b60913d103e2951095b7a7763d0e85a09c3bd04a5Apple Security Advisory 2015-05-19-1 - Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities.
f17aeaf116598c6c534faf7325f8d39d4a47f7b764dc38ac0fa599637f23b263Ubuntu Security Notice 2616-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. Various other issues were also addressed.
6d5e854fce22dc7828dfb7fdb530544b850ada7e6eb90e28677f9de08e01f7b9Ubuntu Security Notice 2611-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system).
b4c3e998a7d49a92e110bfc778dcffdf6db3890e165a13a0f8516fe439bbd4d6Ubuntu Security Notice 2612-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). Various other issues were also addressed.
34f987f7f6f67822ddd0219c9c83f04635ee710cc9f38ec4ba1174eb68d51de2Ubuntu Security Notice 2615-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. Various other issues were also addressed.
25638b80ace2c9f2bdf94815e626ecd8374cf275dfb2ac0988ee18aff2f04ed3Ubuntu Security Notice 2613-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.
b64bb60c18c519b0ed27d58ee2e71d6a5fbd6269a6aab22e4be17fc12e4cf9e1Ubuntu Security Notice 2614-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potential exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.
e0987162501d8a55fc1a3e8a6bf474732d7e1427471124e0dc77fe43dbc3b88aHP Security Bulletin HPSBPI03322 1 - A potential security vulnerability has been identified with HP Access Control Pull Print Software. The vulnerability could result in local unauthorized access. Revision 1 of this advisory.
c41b46e2bff66e8a2991041e786d7ac9469f217dc88129793900c0d52b9b5447Debian Linux Security Advisory 3175-2 - It was discovered that by sending crafted Router Advertisement packets, an attacker on the local network could lower the Current Hop Limit and cause the system to lose the ability to communicate with another IPv6 node on a different network.
dd4761dc19a5e09e9419df727372fc9503d4306a2ae881376aa305dcb3c79b3dDebian Linux Security Advisory 3262-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.
f85b7e0dba35842d0a29aa4cdf7466ad52be076a8bdee2b113210207ea2f0fe7The WordPress Simple Backup plugin suffers from an arbitrary download vulnerability.
2f1879ea63c04f1d1bdc1146437974cb35370b7761eb8ab23b2cca9b2c380294The Vulnerability Laboratory Research Team discovered a local file include vulnerability in the official Wireless Photo Transfer Mobile version 3.0 iOS application.
8c45956de7bbff8e824ef289258164e1927f4f4d9ddcc638bb142469272f0b3bAn independent Vulnerability Laboratory researcher discovered a remote SQL injection web vulnerability in the official Crucial Networking CRUCMS web application.
012e19951d4d4560a4e25753146c9e294b8586acbbc08fc70636504e77a9384aSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
28ba9a29fcf8e79902d2f5303182ce5016a62b20569dbc733bb5ebcc86d7c741Ubuntu Security Notice 2603-1 - Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
071dd2ac5a46c4050e07f2243d084650f3d54e4d6c7d9fccfaf5fd1b448736a0Red Hat Security Advisory 2015-1012-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A heap-based buffer overflow flaw was found in the way Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running Thunderbird.
498b88d7e4d4bfa225ad0f2324ddcb350d365f2ef56d95457029b86ee7abc553Red Hat Security Advisory 2015-1011-01 - The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
fcbc36d6af9b56bdac9fa408b51df2cd12d225527fdf8a1df853277bc89bbdfdThe xAdmin interface in EMC Document Sciences xPression contains a SQL injection vulnerability that could potentially be exploited by a remote attacker to access or modify information on the affected system by causing execution of SQL commands on the server. EMC Document Sciences xPression versions 4.2 and 4.5 SP1 are affected.
2ed855828dabc6672e56d704dda878b94cd6d33e894c669eaf764e4c6d6aa90cphpBugTracker 1.7.5 suffers from cross site scripting, authorization bypass, and SQL injection vulnerabilities.
c13cabadc360f27c984d04adba9d6bfada7181ed571ba4c7d23192572f34182bDebian Linux Security Advisory 3261-1 - Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files.
eead0929d7129f41a4c2167795dd6001b8ef81899e44f2f0daae91e38e8f7984Concrete version 5.7.3.1 suffers from multiple cross site scripting vulnerabilities.
bc47fcda67ebda1d45c2ef30d588e722aa0845a565cf2e28ac9f78fe588936d2DBKiss Database Admin version 1.16 suffers from a cross site scripting vulnerability.
b7c97d61aeece0ece3e89c725db8ab4f63a9b7b25f3a9791f902e1c54c690fcdSidu version 5.2 suffers from a cross site scripting vulnerability in the admin section.
0009de29df8d129f5c212f158cedc225c1a5e6274156ecc778eb9b6f37b73b51Tiny MySQL suffers from a cross site scripting vulnerability.
3c2b3741ec292a1669642f6785ed7dee511bccef9add168cfad9a9570d7cc73c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed