Red Hat Security Advisory 2015-1513-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.
9696ddffb016995e664c0f085c91763803a03b91c9ed81fad41daf42f574fd3dphpFileManager version 0.9.8 suffers from a cross site request forgery vulnerability that can result in a backdoor shell being uploaded.
eeaeb00276d182701e2a427994ceb254b863ad5e1c36145e4eb639af0c35775bWordPress Chief Editor plugin version 3.6.1 suffers from a cross site scripting vulnerability.
fd5b4dfc2dd7bb42dd52dfd0db0015a9c3cc67dd2c3fdaf9d1aebb9971d6c0b4WordPress 1-click Retweet / Share / Like plugin version 5.2 suffers from a cross site scripting vulnerability.
a722aab7d8e28d0e16358c73cc40efb34950834bb4fe10ea6ce148308f110263WordPress Author Manager plugin version 1.0 suffers from a cross site scripting vulnerability.
4cf946de5482742a2db7f891a6a526d95005c2d48ab8c78510fb9319c737b631WordPress Ads In Bottom Right plugin version 1.0 suffers from a cross site scripting vulnerability.
b09691c8087bfb29e90c996d241158fc983e4dcb030127d0ce63c6d13745a41fWordPress Google Plus one Button by KMS plugin version 1.5.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
b22ca365d1e13f6763b293aa9355c3e79409d0f129033e0a6ae55c3a7767abd3Ubuntu Security Notice 2691-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
233afb4582ee78a50a8facdf30a35b42c990f6ff998cb27bce0cb8f4bf394da2Ubuntu Security Notice 2688-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
ce58db6ac1ce225659c4f2333916e039746c0fa760849b8e9016fdecb8a8fd66Ubuntu Security Notice 2687-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
49ab85c196aa855b9ebaf838b0b9f7a16754a5118979c620b131d4167753d1d1Ubuntu Security Notice 2689-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
8bc536d144528d06e731bc5365cad7af2d099cf3c5d399449213870149ab6b19Red Hat Security Advisory 2015-1512-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
530e72ca2188050dcc033500673eaf1070ae047e520dfe654e66a7a68f67e08aUbuntu Security Notice 2690-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.
aa51a0821d1a02548dc2de024d18926f5f95a5bc133a2d69ec6f69a16f43f629Ubuntu Security Notice 2693-1 - Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
411a9a7a936c5f60b5b0c9ee6179ab5f35060ebe8eb34ca0a134a30178867decDebian Linux Security Advisory 3319-1 - Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.
124c5fcbeb1e34ffacc02e1644ac9241c1c0c30394399fdfcaee30e61f38d695Ubuntu Security Notice 2692-1 - Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
3ce14f5f91a3957a62189bc98416489ca3815723c67a8c178b27bc6f07b581b9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed