Hancom Office 2010 SE suffers from a buffer overflow vulnerability when parsing the TEXTART tag in .hml files. Version 8.5.8 is vulnerable.
a17b81a09985939af395d0a0470cba80Ubuntu Security Notice 2059-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys.
ea0b5437857994c87e948f01a7e5c636Mandriva Linux Security Advisory 2013-294 - Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a large blue color mask in an XWD file. Integer overflow in the load_image function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large color entries value in an X Window System image dump. Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an X Window System image dump with more colors than color map entries. The updated packages have been patched to correct these issues.
c329a33f11a0de5f2b7a6048e3461631Debian Linux Security Advisory 2822-1 - Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.
fceae1e107a331e303c9ac09256a0d89Debian Linux Security Advisory 2823-1 - Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code.
db35884b120083d073624f73fc90f6bcDebian Linux Security Advisory 2821-1 - Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.
9e7605134cb3bd42bc7a16df6f338f96Mandriva Linux Security Advisory 2013-293 - An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
d277fe0df46c9bc803d25cb3b1f3f00aMandriva Linux Security Advisory 2013-292 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.
3c8cfe1dbd5202e362686f813209ccf6Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the au1100fb_fb_mmap function in drivers/video/au1100fb.c and the au1200fb_fb_mmap function in drivers/video/au1200fb.c. Various other issues have also been addressed.
8efc7fb53b422a2fc21cfd138e6682b4Mandriva Linux Security Advisory 2013-289 - Possible security bypass on admin page under certain circumstances and MariaDB. The owncloud package has been updated to version 5.0.13, fixing this and many other issues.
1c91f7ec634d38e75cc5a14d72d1fc63Mandriva Linux Security Advisory 2013-290 - Kevin Israel identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist. Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users.
b148020f2878bd2fcf94ec15125260d7Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Various other issues have also been addressed.
8efc7fb53b422a2fc21cfd138e6682b4Ubuntu Security Notice 2058-1 - Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
d159278f3ff95f560d5cf10bbbac9e43Mandriva Linux Security Advisory 2013-292 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.
c969c541627ea77ab00bae10ce5aecc8Gentoo Linux Security Advisory 201312-14 - An integer overflow in libsndfile might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.0.25 are affected.
2b4d31d2163b10936c61ff4306ffab2eApple Security Advisory 2013-12-16-2 - OS X Mavericks v10.9.1 is now available and includes the content of Safari 7.0.1, addressing multiple security issues.
7e86597ffaea2a76e3c1ae6553f0d631Apple Security Advisory 2013-12-16-1 - Safari 6.1.1 and Safari 7.0.1 are now available and address credential disclosure and code execution vulnerabilities.
84597dbc51f74a4fdd1f229313f1af84Jenkins CI version 1.523 has a default markup formatter that permits offsite-bound forms. This vulnerability could be exploited by a remote attacker (a malicious user) to inject malicious persistent HTML script code (application side) and in turn perform a cross site scripting attack.
f4d76e87d6ed85152b560a96b6dc166d
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed