Debian Linux Security Advisory 3579-1 - Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.
45b6e047db4b73858971629f52ff7aa4053af4847c4a43806674c5fe5dc051caDebian Linux Security Advisory 3578-1 - It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.
0f6df94ca20bee4e1e8ac06f0e309a5d702366a562dcfdf9f35c4080410948d4Debian Linux Security Advisory 3577-1 - Gustavo Grieco discovered that jansson, a C library for encoding, decoding and manipulating JSON data, did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service (crash) via stack exhaustion, using crafted JSON data.
35e0db4c71f3007af50999c51a455a7780263187a843797552b6d84891ce2fb6This bulletin summary lists two bulletins that have undergone a major revision increment.
0ab0b3d62a621494c7fcc2fced5ffe038027cabbbefbd0e37da34b4e330554ffHipChat Server versions below 2.0 build 1.4.1 suffer from vulnerabilities including code execution, insufficient shell characters, file deletion, file moving, local file read, and Server-Side Request Forgery.
51f7ff56cb32406c73d6232aee84e2cf2951d8dbfedaba6c3b94f1aa3ec2d083Debian Linux Security Advisory 3576-1 - Multiple security issues have been found in Icedove, Debian's version of lead to the execution of arbitrary code or denial of service.
05e7b4c1f39005760c9abd1a0ac619a912317ec016c2c8356dc9bb6fbfb07db5HP Security Bulletin HPSBMU03590 1 - Several potential security vulnerabilities have been identified in HPE Systems Insight Manager (SIM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), execution of arbitrary code, disclosure of information, Cross-site Request Forgery (CSRF), and Cross-site scripting (XSS). Revision 1 of this advisory.
0d87e5cf948c457cbccb5fbac35b83c4012fe852b7698e47171b0b53a8f1b615Red Hat Security Advisory 2016-1079-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.621. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
d553bf41bbbc57c24c14462e16a5595bf80d85af2fd934b503b65c4bd42f3912Red Hat Security Advisory 2016-1080-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 50.0.2661.102. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
96a2ef3caa485f8a2cd13aeccd168bd4739b6ebbd1bb2c0819aa0cf395192ca7HP Security Bulletin HPSBMU03589 1 - Several potential security vulnerabilities have been identified with HPE Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.
d146f7607639ef769e92d718f1be1d84113514ecc0f578bc6f1b73b1e457a968HP Security Bulletin HPSBMU03591 1 - Several potential security vulnerabilities have been identified in HPE Server Migration Pack (SMP) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.
958138fc11dd9e53ea6b98de78d16ced9c354a2c2997cb0b10965023053cabb7Debian Linux Security Advisory 3575-1 - It was discovered that XStream, a Java library to serialize objects to XML and back again, was susceptible to XML External Entity attacks.
af1b21075f21f469f80745cdec90abae5c25ac53e577e451d9fead725f190788Red Hat Security Advisory 2016-1034-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Security Fix: It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container.
fef631830638375fd374745e17155f22b591a950b15fa0987ffc1f44087ce1cfHP Security Bulletin HPSBGN03597 1 - A vulnerability in GNU C Library (glibc) was addressed by HPE Cloud Optimizer (Virtualization Performance Viewer). The vulnerability could be exploited remotely to allow Denial of Service (DoS). Revision 1 of this advisory.
25f49ade38400e07817b57b4a97217d1ee78e9e0c35b13e06ec064443db88b6dRed Hat Security Advisory 2016-1064-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that executes commands within the container as root, allowing them to potentially escalate privileges.
ff1f5de43fd5b0b8ab16a8e1890a76884dc013664db557572763c867cc75b38bRed Hat Security Advisory 2016-1060-01 - PostgreSQL is an advanced object-relational database management system. Security Fix: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.
7cdfdec3be0c6fefdde2bd8c964d004f67986d9a2745fea3fe0ea827dae1997aTrendMicro suffers from multiple HTTP problems in CoreServiceShell.exe.
66cb00c146f952cc997388b5ddb1c0039e197d650c1e6a388b719ebecf1ec16fUbuntu Security Notice 2974-1 - Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes. Various other issues were also addressed.
17f7d26242cade4510f2fd199babbc3cc8a952a96c7f7115e5543fef485ef4ebRed Hat Security Advisory 2016-1033-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.
e45c138b2753829dc79e684567547bf112b96c0a9432a870efadd6e45bd1a03cRed Hat Security Advisory 2016-1051-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstream version: kernel-rt. This version provides a number of bug fixes and enhancements, including: [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO
21c5265b59b451a5ddb26d9e008c07b346c9eea16e7069c9a77e2104a9ab8465Red Hat Security Advisory 2016-1055-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a newer upstream version: kernel-rt. This version provides a number of bug fixes and enhancements, including: [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO
b8c554fc25788fff5ae196c0632ab105d3e249701f8eeebf038112421b13b337Red Hat Security Advisory 2016-1041-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
848e50dd05b02ebc5fa7c8d2366d91b0c6c75b09e63d65e61f63225511c634d3HP Security Bulletin HPSBST03599 1 - A vulnerability in OpenSSH has been addressed by HPE 3PAR OS. The vulnerabily could be exploited remotely resulting in Denial of Service (DoS) or access restriction bypass. Revision 1 of this advisory.
dcbf23693e00cc87e0d7a56b5f156d9fe94676372e94f76928032bb1e2994873HP Security Bulletin HPSBST03598 1 - HPE 3PAR OS has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). This vulnerability could be remotely exploited to cause Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
825e2f051ab86891da30d118b79183bb3ced947bf7f0859a92642c397d8dc78fHP Security Bulletin HPSBST03586 1 - A potential security vulnerability has been identified in HPE 3PAR OS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
892de0a6051d8846816ee65ef834575a37ad8278937cbce1b677d0672a47f81e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed