Gentoo Linux Security Advisory 201611-16 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 54.0.2840.100 are affected.
a8397f1dead0b8746099dc52697372ef684258ab45498b92df26cd99cee4688bGentoo Linux Security Advisory 201611-15 - Multiple vulnerabilities have been found in Poppler, the worst of which allows remote attackers to execute arbitrary code. Versions less than 0.42.0 are affected.
9e867017ee405f2ab3aa5e78c21182ba068554c3f7411e1496a5456c49780f29Ubuntu Security Notice 3131-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
97f74f2887273aaf548965ae782a0d45d4345f1afed77295fdf4004d81751ca0Red Hat Security Advisory 2016-2809-01 - The ipsilon packages provide the Ipsilon identity provider service for federated single sign-on. Ipsilon links authentication providers and applications or utilities to allow for SSO. It includes a server and utilities to configure Apache-based service providers. Security Fix: A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions.
62ebd6d5c44aa0b4baaa3685abab5cbb76b339806e15c8c48e96b76428ab30f4Debian Linux Security Advisory 3719-1 - It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for DCERPC, AllJoyn, DTN, and OpenFlow, that could lead to various crashes, denial-of-service, or execution of arbitrary code.
ff0042f1d46181ecb6688120175f8f37efc1368dea2b32c7c87d609b9ba1c690Gentoo Linux Security Advisory 201611-14 - Multiple vulnerabilities have been discovered in MIT Kerberos 5, the worst of which may allow remote attackers to cause Denial of Service. Versions less than 1.13.2-r2 are affected.
9cc870d75fec5b3e5e72b5410b010b6e2964e4ac02c65b63650fe6ad75245d4cGentoo Linux Security Advisory 201611-13 - A vulnerability in MongoDB can lead to a Denial of Service condition. Versions less than 2.4.13 are affected.
b4839033da00a62a97688eab707eedcf52ab5e81048779f078e4fd71ee2a2362Gentoo Linux Security Advisory 201611-12 - Multiple vulnerabilities have been found in imlib2, the worst of which allows for the remote execution of arbitrary code. Versions less than 1.4.9 are affected.
c0bc2da01fe92dabf8269a7cfb2e656e04ea91d148acd072356abd67d733f945HP Security Bulletin HPSBHF03675 1 - A potential security vulnerability was addressed by HPE Integrated Lights-Out 3 and 4. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Revision 1 of this advisory.
68e2e4afbbd1b669825b4e3ffe15b30c78592fb5f0402619943504d5f5a85d1fSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
9fbe184d699b0008e8385d88f418c5f0209ffd94b643de6961426707c80db8f4Ubuntu Security Notice 3124-1 - Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
186fc72529bc55503b5bee038a51d2256f957a0adfbd4fa065e59591da446ee3Gentoo Linux Security Advisory 201611-11 - Multiple vulnerabilities have been found in QEMU, the worst of which could cause a Denial of Service condition. Versions less than 2.7.0-r6 are affected.
f65df48e99a50acb2abf2cd6d8af4cac73a92399ae257cbb493db0dd555963e0Relevanssi Premium version 1.14.4 suffers from a remote SQL injection vulnerability.
679c29060b65dc84d082552b03e799104a81dfec85db097aec556548b1eac5f6An unserialization vulnerability in Relevanssi Premium version 1.14.4 could allow for code execution.
6927b4ab7d5885556bd754c2ad01701b0d593da38e2a88a2428cccf5bb0216fcPost Indexer version 3.0.6.1 suffers from a man-in-the-middle vulnerability that may allow for arbitrary code execution.
ae251345f938c977f6f946b8a67e335ec898d22c843c43fc210bb0cdd04d4b34Post Indexer version 3.0.6.1 suffers from a remote SQL injection vulnerability.
29834485d983a58f496acf14a03989b41aa447ba1ef4b268ba5ec7b3d8676a83Palo Alto Networks PanOS suffers from a stack buffer overflow in the appweb3 embedded webserver.
46316d54fe0b1eaeb6e793d9de3a88060515fc612e68480aff0ecc2569c52c70Jaws version 1.1.1 suffers from a remote code execution vulnerability.
f1ac8e059024b6d543654b98ea962126a4712333b7af780c3dab82cf9a059f7aUbuntu Security Notice 3130-1 - It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. Various other issues were also addressed.
e29cc974b99c653e8595c5283afc2543bf4f25c83ab9219f573aedda2281d0cdRed Hat Security Advisory 2016-2807-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
a747ee41bc1c78f0329cb06102ce7044196717407b83c8ba83cdc599fc05f1e6Red Hat Security Advisory 2016-2808-01 - This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
6aabba5392b13a85b44e0e196d13a81b259818172e29bc8bb40c46530f9dfb13Red Hat Security Advisory 2016-2802-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.
725da1b5c613bcd982c7bcfe20324be7b1e25d2d226b08cabed951c85a985649Debian Linux Security Advisory 3716-1 - Multiple security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. Also, a man-in-the-middle attack in the addon update mechanism has been fixed.
656343001b31a499c024493fd7fb5830ebc134988b99415fd813e06551b04c33Gentoo Linux Security Advisory 201611-10 - A vulnerability in libuv could lead to privilege escalation. Versions less than 1.4.2 are affected.
290eb7d239c48c0902769e4db7b1c970874d25c71930c3bc68ad020aad6736bcIn an attempt to address DLL hijacking issues, Emsisoft has introduced additional security issues.
3adced441acb8daaa8e7985e221c41156766e4a6efbf1c4eb4fa72158ea75f09
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed