Debian Linux Security Advisory 3217-1 - Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.
66567458b5c55f0422e2fb70b36cadea666fe817ca19700b553c62b88cca0cbf
This Metasploit module exploits a remote command execution vulnerability in Barracuda Firmware versions 5.0.0.012 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.
47ed3ef4957c8e0f48670b15bb88acf48f64853701b5565f1f077b80177cbc5a
Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
b9fca79735e3cc4bf975c510e49bbccd87d29af3072e7048d9b25438a79754e7
Asterisk Project Security Advisory - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.
b08ef4b3d0f8ba0061a7cd3e5a8e37967a3286590dcc31a21c17c24ecb06371e
Apple Security Advisory 2015-04-08-5 - Xcode 6.3 is now available and addresses stack guard bypass and an issue where Swift programs performing certain type conversions may receive unexpected values.
0ce20e707741564c131e8fe519a08c07acd797603c90739a11316436b9b16ac6
Apple Security Advisory 2015-04-08-4 - Apple TV 7.2 is now available and addresses information disclosure, code execution, memory disclosure, and various other vulnerabilities.
25a3214ab7e6cadbdce4b05ac7c58a751b527530285591e0ffb09d1fe9b51d8a
Apple Security Advisory 2015-04-08-3 - iOS 8.3 is now available and addresses code execution, access restriction, information disclosure, and various other vulnerabilities.
38d713ab32609a1117e7c790d7f5d298e14be22ee646cac89deceba5358bcdd3
Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.
bfdc53ae50c366d1018234c77470fabd66ae9360537370dafd782122121b89cd
Apple Security Advisory 2015-04-08-1 - Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address information disclosure, code execution, certificate matching, and various other vulnerabilities.
eeaa79384ff069091d47b9a03c45c84ae355020694e5aeac68b451b6f942eb32
The Call for Papers for the inaugural Hack In The Box GSEC conference in Singapore is now open. It will be held October 12th through the 16th, 2015 at the Sheraton Towers in Singapore.
d42213d26e010433988c1d4f7c96a576003f139e14d12e1074db9f4ae6f3b5e5
HP Security Bulletin HPSBUX03240 SSRT101872 2 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 2 of this advisory.
1f4fd14946b0e379a10db31c1f62663f3c788557aa4411f47f54db8d0cf85d0d
Cisco Security Advisory - A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause the a reload of the affected system.
03bf8d69a0bf6c91ee0106ef74c392f2a8e255b31f1eeb5859051b72b8c5176f
Mandriva Linux Security Advisory 2015-198 - Multiple vulnerabilities has been discovered and corrected in java-1.8.0-openjdk. The updated packages provides a solution for these security issues.
70e18c801844e69b740945998cb86b87730582d195550d64ca9d0575e329b2f3
Cisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by command injection, memory exhaustion, and denial of service vulnerabilities.
002287a420933aae31fd15f0d7d5940f2f4023cf6588b7d6edf90aa5cb93c2d2
Ubuntu Security Notice 2565-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
45367e0ecb6fdf13b6f707fbe0aa7b08eb00219f55533ddb3f943355617b7375
Ubuntu Security Notice 2564-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
b4b5729a8b3105060a97d50bfcaf3b153c00ee7647386935333eed9d44313e11
Red Hat Security Advisory 2015-0794-01 - Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library could call the gss_process_context_token() function and use this flaw to crash that application.
092ae20195bf4a7732cc962288fb80eeebadd65456efb91c9af412787b3822e3
Ubuntu Security Notice 2563-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
5dafdca9ed571fcd6801dd6f0d5967baba32409d329a23f6e9674061e54eb37c
Ubuntu Security Notice 2560-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. An information leak was discovered in the Linux kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
342f94cb1aabaa7a970f11ca1c034e73d616bd82981312d40732665c7748928b
Ubuntu Security Notice 2562-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
be127130c407df608bf557e516cba75d80dd022ba633f89a98b2e1cf1698a549
Ubuntu Security Notice 2561-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. Various other issues were also addressed.
8aef8dc5ce0c1d2950a6515a77b071d9261bb137d80010ab9989173c9845de2d
Mac OS X rootpipe local proof of concept privilege escalation exploit.
146b64bdac5816f848302abe5d0ad8a8ac00a1ef2eb064fcfcdd3a63453c2ee0
WordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.
4066792653efe187fcf02429adee45b20e2c070fa70ff0034e4116b8ff3d3b8b