email-edg.paypal.com suffers from an open redirection vulnerability.
086e380e45f47c1b584dc9896c4b5a50babf3b42f2e1cd675622e0ee8bfc6aa0Red Hat Security Advisory 2015-1767-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.
e130d2314417e6c973f5dd98dac2ab997783e7d9b1e77c77b9891ba15b677a41Red Hat Security Advisory 2015-1769-01 - Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage. This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
c6c367c6568b39126a29a462f02e4f16c75449d06b5fd29f26f6356361336849Red Hat Security Advisory 2015-1766-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.
109a0b1fa8837173f2254bdce28a94cf406f8d3ae8c1a95ffb48c5997d8e0e6fRed Hat Security Advisory 2015-1768-01 - Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage. This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
000e128affd10dba75aae8c7df5c415bb2ff2016a00f38f95e45765faa244334Ubuntu Security Notice 2739-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory.
90c65759ae6b76f3a2f82d88eef8230c13a06bda0c2cfb39f6d3cdd29179d0d1Debian Linux Security Advisory 3355-1 - Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.
9f57e42758cac2e1a84a18a9fbdb2e6dcc8ef9fd75be1ce31be1da1cda7ec0bc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed