Ubuntu Security Notice 1778-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. Various other issues were also addressed.
af8c6d029a29cb100ee0cf285e51af80c2f837650a0be518c832cb85e752d2a1
Ubuntu Security Notice 1776-1 - A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. A flaw was discovered in the Linux kernels handling of memory ranges with PROT_NONE when transparent hugepages are in use. An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Various other issues were also addressed.
97d3855a4b7407cdfe8da33f6e14f63525cfe8916a39471f14e794dc510927ad
Ubuntu Security Notice 1775-1 - A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. A flaw was discovered in the Linux kernels handling of memory ranges with PROT_NONE when transparent hugepages are in use. An unprivileged local user could exploit this flaw to cause a denial of service (crash the system). Various other issues were also addressed.
1358f8a1f860e256b3384b686b5acc9fc5aaf68a1cbe72af55479f9faf55d338
HP Security Bulletin HPSBUX02856 SSRT101104 - Potential security vulnerabilities have been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or allow unauthorized disclosure of information. Revision 1 of this advisory.
9917a432965b1459a3758cf6c669fbe20c9d2348e5edcfdba51ca85b607708f2
Local root exploit for Mageia release 2 (32bit) using the sock_diag_handlers[] vulnerability.
583f10c762d370ddd5cd3c44ff64334cc20eb9b077d18cc3b9667645a0e13222
GnuTLS libgnutls double-free certificate list parsing remote denial of service proof of concept exploit. Versions affected are 3.0.13 and below.
cdefe8cbc7db61295ac1d863eda74e91643144878d48831d727a329a03ac2ec2
WordPress IndiaNIC FAQS Manager third party plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
4eef48563f974167e0475f2ccc99c75e0be7d32fa173da8022968e93ced51a37
WordPress IndiaNIC FAQS Manager third party plugin version 1.0 suffers from a remote blind SQL injection vulnerability.
3d1a884edc47b4a97429ba801e284ca9de542f09d510a7f8693e162902fc8430
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.1.2. This issue is caused because the ParametersInterceptor allows for the use of parentheses which in turn allows it to interpret parameter values as OGNL expressions during certain exception handling for mismatched data types of properties which allows remote attackers to execute arbitrary Java code via a crafted parameter.
e56bcff70dfc308ffd717452aab966d54c1fdec14e8544d8df4198054ba401b9
LibreOffice version 4.0.1.2 suffers from an update spoofing vulnerability due to not using a secure channel nor digital signatures.
0fd0fd152553fcde204b860ae9af883db4511e308c44f058a80c84db259f2843
EastFTP Active-X control version 4.6.02 code execution exploit.
47eaaf588524ad7407e7c1eb004c09636584ead0b6cece7bf2405b531a30fe71