VMware Security Advisory 2015-0001 - VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.
55fa1873d70654ee0597f3da9f1f88c2593c4ac47e45f3deaf0add63c4c2cd33FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.
94980381572f511b4697b2bf2b6d1b10dee3a0640f849037c8cd995bace01080Mantis BugTracker version 1.2.19 suffers from an open redirection vulnerability.
a4a5d3a57136e2c7c69197773c4c6f2b7d1873d9a94832d2eb5e95f58d43524eClam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
6591245d55445a2ddcc1700964c33b8bf62fe20c75bd9c7746f4fe0735502951Apple Security Advisory 2015-01-27-4 - OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various other vulnerabilities.
434e3bbf065d6ff22de4e7b85d71ce11a7811880de29f04e6a58af05a3e46a97Apple Security Advisory 2015-01-27-3 - Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address memory corruption issues that can lead to arbitrary code execution.
ffbe57c64600b7e1c963a99fbe798c9585ea40b12b6d5dcf274b6aa86e401253Apple Security Advisory 2015-01-27-2 - iOS 8.1.3 is now available and addresses access bypass, arbitrary code execution, denial of service, and various other vulnerabilities.
7d9920a6997e5e7bb8e01611c7dce2b7e3e242c90d9a5c4edeb5181b8c7b8cf1Apple Security Advisory 2015-01-27-1 - Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and various other vulnerabilities.
5ccfb0bf060b8bfce712b760bdd4bdcf5bc236994aba26bbfdd77d093c7ee7bbRed Hat Security Advisory 2015-0094-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and APSB15-03, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
0d3babf6448936f91b0ce462ac340ae5806760fa2c69e2e4e726c08d7fa3e1c7Red Hat Security Advisory 2015-0093-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium.
15bcdc47727fc0ad0b65702ab55c64ea44a92ad6a771e7347758eaea43b886bbRed Hat Security Advisory 2015-0087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use this flaw to crash the system.
56294e658e5f97118916c849531a69eb62aaa3d6bf0ea85f9f9081df3abed7a4Ubuntu Security Notice 2486-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
0a3efc41f8c988a1d04f15b23eb0e08c026c2987dda7ba586d9c7cc4ee33cb55Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
ab4dd6486f4ee6eea333af5b0238b5e37c79372f03d28ec456d911e6e9c2a2f2New CMS version 2.1 suffers from a local file inclusion vulnerability.
26b93c8a8cc6dbb8ec52f0210258d68239e0acf6e87359bc67630c70164293cdSites powered by Restaurantbiller suffer from remote shell upload and remote SQL injection vulnerabilities.
f4a1adac8a45ce05a5b00694825f0222021b21e9d260550f0910c915cc9c69e7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed