Ubuntu Security Notice 2896-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys.
675eb78b537992ffb286496ea0c991eedfce2ffb721ea85ad463ea0773973994Ubuntu Security Notice 2898-2 - It was discovered that Eye of GNOME incorrectly handled certain large images. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code.
d08205dc2ebc5b5d0acc98b9b396c64c4040b295948c048a0bcc6bfbda2d6eecUbuntu Security Notice 2897-1 - Hanno Boeck discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. Hanno Boeck discovered that Nettle incorrectly handled carry propagation in the NIST P-384 elliptic curve. Niels Moeller discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. Various other issues were also addressed.
df7a203efaf3488a14da93462980f6902abd64fb32d7d4bc26d5c1a3d30ca9c4Ubuntu Security Notice 2898-1 - It was discovered that GTK+ incorrectly handled certain large images. A remote attacker could use this issue to cause GTK+ applications to crash, resulting in a denial of service, or possibly execute arbitrary code.
550c27a6896eb88baddf3477beb41c1a22bc5263d376fb87b73311b3751cd3b7Red Hat Security Advisory 2016-0174-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. A stored cross-site scripting flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.
bdaf1fecf6f3ad8cb6269b3d5e444878cea3b64aebc3ccb2a48bd29873d42192Debian Linux Security Advisory 3476-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
e73ad2b93e7cda4e6c8fb29e8d30d337da00ecc73515256d73412e6cb68c8603Debian Linux Security Advisory 3475-1 - Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.
97224b1e0460c8281f126771bca871f95993eaf9c127de0f00c7d502dbf4b8e1Debian Linux Security Advisory 3474-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack.
4b3c6cec624729feb1385097c768b19210a88ed628f32462d7b492304d08587fDebian Linux Security Advisory 3477-1 - Holger Fuhrmannek discovered that missing input sanitising in the Graphite font rendering engine could result in the execution of arbitrary code.
f8fcce3447a12964a1c43791e3575e4eace08da6d78d9e251dbdcc8024254b2bSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
f9a76aa6ef57f1e076d850e62ac67a8367c6409921849513eadf562a3be55d45Debian Linux Security Advisory 3473-1 - Several vulnerabilities were discovered in the resolver in nginx, a small, powerful, scalable web/proxy server, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file.
5a0131255d426604bc49d6eab1f053482dc3f459ff36bca3874ae38d871d1625Serena Business Manager versions prior to 10.01 suffer from cross site scripting vulnerability.
394d7bf2e882041e4de119be2410ca7279db090fb9198946562cbb3307543e78Ubuntu Security Notice 2893-1 - Jason Pang discovered that service workers intercept responses to plugin network requests made through the browser. An attacker could potentially exploit this to bypass same origin restrictions using the Flash plugin.
5c0db8d8db3729fc04ee575a45709e0abce40974774e308d158845f87e3848fbUbuntu Security Notice 2894-1 - It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges.
ebe796e3c42c7667f7ab898d34253c32dad4b56546133ebbb41b370de36a0f3eThis bulletin summary lists two bulletins that have undergone a major revision increment for February, 2016.
5e62f02b24ab8e69b731fbbfb23373f01d52dfcc6c2bbd5543637a91bcf1aa91Red Hat Security Advisory 2016-0166-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
1816680b824050a758e4c30a63694622b5b24615d87e93c7e7e7ce02de19fcfcCisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.
b39dc515a9918053d756c99939d54b8d713da1f97c251287ddcae2d2b507a879EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. Versions 2.1 and 2.2 are affected.
20de6bd9297ddd8a1fb42d72cb5fb400141a8b891a25ad8d400b3196582d67fbASUS wireless routers running ASUSWRT firmware have a design flaw in which the administrator web interface may be open to the public Internet even if you have specifically disabled web access from the WAN.
acefe4f7da5e0a9ebebc7265a613a32f86d3d8d789508910725b215e88ef92d7A DLL side loading vulnerability was found in the MapsUpdateTask Task DLL that ships with Windows 10. This issue can be exploited by loading COM control as an embedded OLE object. When instantiating the object Windows will try to load the DLL phoneinfo.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
2d60a51e6e82dbfc3d3f990fd98e9da3a6ed414a4dda68ab35f60ef08899c1e2A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
46c78e46c86080f3c7dc443a900413e500d7f7d0f20d2fca23e1a30ed0482f7cA DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
1b2dddead234857b365162684d8bbf28ae57f80f5af04c34105b408b35df5d6eSlackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
ca2549f2bbe98b0173e2b937737135325fb0aeca5d53b29dd51a9d864253fcebSlackware Security Advisory - New libsndfile packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.
0613e48ef93ff91504e6909feac66241db72fe0400b308a7af0b739b8d6809e4Debian Linux Security Advisory 3472-1 - Two vulnerabilities were discovered in wordpress, a web blogging tool.
735a5efc1730a43120e8b0b354ddf62a5478ce6c3ed1b1aba1601f8a38eb239c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed