HP Security Bulletin HPSBGN03286 1 - A potential security vulnerability has been identified with HP LoadRunner. The vulnerability could be exploited remotely to allow a buffer overflow. Revision 1 of this advisory.
77e1f0017599d488ff29131b60913d103e2951095b7a7763d0e85a09c3bd04a5
Apple Security Advisory 2015-05-19-1 - Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities.
f17aeaf116598c6c534faf7325f8d39d4a47f7b764dc38ac0fa599637f23b263
Ubuntu Security Notice 2616-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel-based machines with AES-GCM mode IPSec security association. Various other issues were also addressed.
6d5e854fce22dc7828dfb7fdb530544b850ada7e6eb90e28677f9de08e01f7b9
Ubuntu Security Notice 2611-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system).
b4c3e998a7d49a92e110bfc778dcffdf6db3890e165a13a0f8516fe439bbd4d6
Ubuntu Security Notice 2612-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system). Various other issues were also addressed.
34f987f7f6f67822ddd0219c9c83f04635ee710cc9f38ec4ba1174eb68d51de2
Ubuntu Security Notice 2615-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel-based machines with AES-GCM mode IPSec security association. Various other issues were also addressed.
25638b80ace2c9f2bdf94815e626ecd8374cf275dfb2ac0988ee18aff2f04ed3
Ubuntu Security Notice 2613-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.
b64bb60c18c519b0ed27d58ee2e71d6a5fbd6269a6aab22e4be17fc12e4cf9e1
Ubuntu Security Notice 2614-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.
e0987162501d8a55fc1a3e8a6bf474732d7e1427471124e0dc77fe43dbc3b88a
HP Security Bulletin HPSBPI03322 1 - A potential security vulnerability has been identified with HP Access Control Pull Print Software. The vulnerability could result in local unauthorized access. Revision 1 of this advisory.
c41b46e2bff66e8a2991041e786d7ac9469f217dc88129793900c0d52b9b5447
Debian Linux Security Advisory 3175-2 - It was discovered that by sending crafted Router Advertisement packets, an attacker on the local network could lower the Current Hop Limit and cause the system to lose the ability to communicate with another IPv6 node on a different network.
dd4761dc19a5e09e9419df727372fc9503d4306a2ae881376aa305dcb3c79b3d
Debian Linux Security Advisory 3262-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.
f85b7e0dba35842d0a29aa4cdf7466ad52be076a8bdee2b113210207ea2f0fe7
The WordPress Simple Backup plugin suffers from an arbitrary download vulnerability.
2f1879ea63c04f1d1bdc1146437974cb35370b7761eb8ab23b2cca9b2c380294
The Vulnerability Laboratory Research Team discovered a local file include vulnerability in the official Wireless Photo Transfer Mobile version 3.0 iOS application.
8c45956de7bbff8e824ef289258164e1927f4f4d9ddcc638bb142469272f0b3b
An independent Vulnerability Laboratory researcher discovered a remote SQL injection web vulnerability in the official Crucial Networking CRUCMS web application.
012e19951d4d4560a4e25753146c9e294b8586acbbc08fc70636504e77a9384a
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
28ba9a29fcf8e79902d2f5303182ce5016a62b20569dbc733bb5ebcc86d7c741
Ubuntu Security Notice 2603-1 - Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
071dd2ac5a46c4050e07f2243d084650f3d54e4d6c7d9fccfaf5fd1b448736a0
Red Hat Security Advisory 2015-1012-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A heap-based buffer overflow flaw was found in the way Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running Thunderbird.
498b88d7e4d4bfa225ad0f2324ddcb350d365f2ef56d95457029b86ee7abc553
Red Hat Security Advisory 2015-1011-01 - The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
fcbc36d6af9b56bdac9fa408b51df2cd12d225527fdf8a1df853277bc89bbdfd
The xAdmin interface in EMC Document Sciences xPression contains a SQL injection vulnerability that could potentially be exploited by a remote attacker to access or modify information on the affected system by causing execution of SQL commands on the server. EMC Document Sciences xPression versions 4.2 and 4.5 SP1 are affected.
2ed855828dabc6672e56d704dda878b94cd6d33e894c669eaf764e4c6d6aa90c
phpBugTracker 1.7.5 suffers from cross site scripting, authorization bypass, and SQL injection vulnerabilities.
c13cabadc360f27c984d04adba9d6bfada7181ed571ba4c7d23192572f34182b
Debian Linux Security Advisory 3261-1 - Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files.
eead0929d7129f41a4c2167795dd6001b8ef81899e44f2f0daae91e38e8f7984
Concrete version 5.7.3.1 suffers from multiple cross site scripting vulnerabilities.
bc47fcda67ebda1d45c2ef30d588e722aa0845a565cf2e28ac9f78fe588936d2
DBKiss Database Admin version 1.16 suffers from a cross site scripting vulnerability.
b7c97d61aeece0ece3e89c725db8ab4f63a9b7b25f3a9791f902e1c54c690fcd
Sidu version 5.2 suffers from a cross site scripting vulnerability in the admin section.
0009de29df8d129f5c212f158cedc225c1a5e6274156ecc778eb9b6f37b73b51
Tiny MySQL suffers from a cross site scripting vulnerability.
3c2b3741ec292a1669642f6785ed7dee511bccef9add168cfad9a9570d7cc73c