Red Hat Security Advisory 2015-1330-01 - Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer.
86acf923f3d4731743976325c7a7a70ef4af62a60ea0a6aae6fa1075259c53beUbuntu Security Notice 2674-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.44 in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. Ubuntu 15.04 has been updated to MySQL 5.6.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
3ef591c09526b46ad31c699ecb5630f391e4fa45fd30ade6cd708d16eaa11052Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and Logstash server.
b7135fa3ae882e982da1c97f18565f7476767f2800a6c0cc71e186e95bad5b18Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expose an Axigen WebMail Ajax user to cross site scripting or other attacks that rely on arbitrary javascript code running within a trusted domain.
788c7286734125b3725075a14d57b317c04a5fe4c16dd6e4f81e548ed40b5fc8HP Security Bulletin HPSBMU03380 1 - Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
b24b33b6953298c7dff07ba7ebf547fe10934e4d227a0e52094bde980503367cUbuntu Security Notice 2673-1 - Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. Bob Clary, Christian Holler, Bobby Holley, and Andrew McCreight discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
edcecb45d145f10f0b7e4ff7d56649529e2e69c9512e45839ce5892952206428Red Hat Security Advisory 2015-1443-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.
1dbbc85e48aca9ac27e379fe7a39f4db7e8eaec82b3a1090f9a8b0c6a929064eRed Hat Security Advisory 2015-1455-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbird skipped key-pinning checks when handling an error that could be overridden by the user. This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform.
cdddfc23ea54e06009b5918e85bbccd60b6f828effef66b7d5a516c6047e2b18HP Security Bulletin HPSBMU03377 1 - A potential security vulnerability has been identified with HP Release Control running RC4. This is the SSL/TLS vulnerability known as "Bar Mitzvah" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
c948cefb7818ea5b1e51374e04d217feeb476b6c238d3363c61c6946f9651db9HP Security Bulletin HPSBUX03379 SSRT101976 1 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
b21fc27083754ab1ae7b8c59ee2c783014b0ec6f8ca5590eded500f0f1ff2e29This is a notification of an out-of-band security bulletin from Microsoft that was added to the July Security Bulletin Summary on July 20, 2015.
eef524469c7a03a5600fc542f88fe7761ba74853e1fa0018d3811d796f80412cDebian Linux Security Advisory 3311-1 - Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.20.
1423eab35ca8f3dda7f15407470f35106928d003ba757689cf70b0a0c215170eDebian Linux Security Advisory 3310-1 - It was discovered that an integer overflow in freexl, a library to parse Microsoft Excel spreadsheets may result in denial of service if a malformed Excel file is opened.
db23d221c9b6252856d68fbdee3da4e3242efd152891eb1b55e11453690d1a1bDebian Linux Security Advisory 3309-1 - Fernando Munoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code.
9f74172d765c78b9706ecbe3bd4c5375d3108c72d904c586aa43aebbab21d647Debian Linux Security Advisory 3308-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.44.
c289e518b0dfd2d9c7f0fd2438fd0c81178613bf6817e1802ed79804a6306c9eSlackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
36799e7bd8fbb814ff99012997a8e5d129d9c75f98b4f4fa759d4b8c20dff96fSlackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
a878dedbe56e20804e45f7a781334aab7ec38b4450537c6f93add15127d7748fGentoo Linux Security Advisory 201507-20 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation. Versions less than 9.4.3 are affected.
48241fb6aa76393d53251ef2f6519ac204edef004621f8f7fd9487e9fd5ce317Red Hat Security Advisory 2015-1243-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
240a4d208c67ed5977cc94f864f3c548d2a692bbfe7028670ced5044f28a1c0dRed Hat Security Advisory 2015-1242-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
b01b07a56be2d7a975fa73912a2e17caca8944404e1dc032d7ba2d6b307d9c3bRed Hat Security Advisory 2015-1241-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
a00adc19b4661f42eff481841ccbe46849730c47219498516b92867b140ed3c7Oracle E-Business Suite is prone to a remote URL-redirection vulnerability. This vulnerability may allow a malicious user to perform a phishing attack by sending a crafted URL of Oracle E-Business Suite Form Servlet page to another user. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Versions affected include 11.5.10.2, 12.0.6, and 12.1.3.
fefe0444086e77de0d60a0771da86be452e0256a0e1d089607066df4b7065e65Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process.
b31e33f0be2db96a5fdb079e65aaf1b8bd17143da9e03e617b58e897d6aa2937Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution.
c7d03a23059a26c14cfa85c4a73e1ef9e80899f3676ade54bb247e68d5444f6bEMC Documentum CenterStage is affected by a stored cross-site scripting vulnerability that could potentially be exploited by an attacker by injecting malicious HTML or script. This may lead to execution of injected HTML or script in the context of the authenticated user.
6735391574947f75e6be781bb6730919f081530e732a8c5060ab42e4c0a9926f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed