Debian Linux Security Advisory 3371-1 - Frediano Ziglio of Red Hat discovered several vulnerabilities in spice, a SPICE protocol client and server library. A malicious guest can exploit these flaws to cause a denial of service (QEMU process crash), execute arbitrary code on the host with the privileges of the hosting QEMU process or read and write arbitrary memory locations on the host.
8724adae44c0f76d42a3f5b53969d8f1a2b8410728271b1ae7c84ec133ccef00
Joomla! CMS versions 3.4.0 through 3.4.3 suffer from a cross site scripting vulnerability.
429b040ae8eb0d56c0cc95bcf56bcdba82a2542bbf15a63cc532bd9f86d1f58a
Veeam Backup & Replication versions 6 through 8 suffer from log disclosure and broken password security vulnerabilities.
297149a77606ab6deac1de2bb98b0f033747ba6db8266944dfe68b46fdffd256
Red Hat Security Advisory 2015-1862-01 - Red Hat Enterprise Linux OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat Enterprise Linux OpenStack Platform. A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package. The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data.
5ea40faeb29a51d07126fa754ad6aa9ce63c8cee88b0b54a3e88de07ebad322f
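What the ordering flaw looks like in a Swift proxy pipeline, as an added illustration (not the actual template shipped by openstack-tripleo-heat-templates): the middleware names are the standard Swift ones, but the surrounding filters are assumed for the example. staticweb serves container listings and index pages based on container metadata; if it runs before the Identity (keystone) middleware has authorized the request, an anonymous caller can reach data that the later auth check would have rejected.

```ini
# Weak ordering: staticweb answers requests before authtoken/keystoneauth
# have run, so an unauthenticated client can hit staticweb-served content.
[pipeline:main]
pipeline = catch_errors healthcheck cache staticweb authtoken keystoneauth proxy-server

# Corrected ordering: staticweb sits after the auth middleware, which is
# where the Swift documentation says it belongs.
[pipeline:main]
pipeline = catch_errors healthcheck cache authtoken keystoneauth staticweb proxy-server

[filter:staticweb]
use = egg:swift#staticweb

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

[filter:keystoneauth]
use = egg:swift#keystoneauth
```

A quick check on a deployed proxy is to read the `pipeline =` line from the running proxy-server.conf and confirm that every auth filter name appears to the left of `staticweb`; a pipeline that puts any data-serving middleware ahead of auth has the same class of problem regardless of which middleware it is.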
Red Hat Security Advisory 2015-1876-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.
877d266616c7a414824877b342ccbfa1856350019d29d18619838e614d8640fa
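A model of the mechanism the advisory describes, as an added example that is not Django code: a session store with a fixed number of slots (standing in for a cache-backed session backend), a logout handler that creates a session record even for anonymous callers, and the same handler wrapped in a login-required check. The store, the `Request` class and the capacity figure are assumptions chosen to make the eviction visible; the point is that unauthenticated requests to the undecorated view fill the store and push out an existing user's session, while the decorated view never touches the store.

```python
"""Constructed model of CVE-class session-store exhaustion via an
undecorated logout view. Not Django's implementation; it only mirrors
the behaviour the advisory describes."""
from collections import OrderedDict
import secrets


class BoundedSessionStore:
    """Stand-in for a cache-backed session store with a fixed capacity.
    When full, the oldest record is evicted (assumed LRU-style policy)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._records = OrderedDict()

    def create(self):
        key = secrets.token_hex(16)
        self._records[key] = {}
        if len(self._records) > self.capacity:
            self._records.popitem(last=False)  # evict the oldest session
        return key

    def exists(self, key):
        return key in self._records


class Request:
    """Minimal request object: only the authentication state matters here."""

    def __init__(self, is_authenticated):
        self.is_authenticated = is_authenticated
        self.session_key = None


def logout_view_vulnerable(request, store):
    # Flushing/cycling the session for any caller, authenticated or not,
    # writes a fresh record into the store. This is the flawed behaviour.
    request.session_key = store.create()
    return 302  # redirect after logout


def login_required(view):
    """Decorator modelled on django.contrib.auth.decorators.login_required:
    anonymous callers are redirected without the view (or the store) running."""

    def wrapper(request, store):
        if not request.is_authenticated:
            return 302  # redirect to login; no session record is created
        return view(request, store)

    return wrapper


logout_view_fixed = login_required(logout_view_vulnerable)


def victim_session_survives(view, capacity=100, anonymous_requests=1000):
    """Create one legitimate session, then hammer `view` anonymously.
    Returns True if the legitimate session is still in the store afterwards."""
    store = BoundedSessionStore(capacity)
    victim_key = store.create()
    for _ in range(anonymous_requests):
        view(Request(is_authenticated=False), store)
    return store.exists(victim_key)


if __name__ == "__main__":
    print("vulnerable view keeps victim session:", victim_session_survives(logout_view_vulnerable))
    print("decorated view keeps victim session:", victim_session_survives(logout_view_fixed))
```

The same test is worth running against a real deployment in a staging environment: hit the logout URL anonymously a few thousand times and watch the session table or cache key count; if it grows, the view is creating sessions for unauthenticated callers.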
An authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage (NAS) device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the stored data as well as the integrity of the device configuration at high risk.
8b56e71d7955315bcf04a3159d5fdfb83497857e77ff2660643acd96f4072268
A component of Kaspersky Internet Security that is enabled by default is called the "Network Attack Blocker", described as "protects the computer against dangerous network activity". The researcher examined the implementation and determined that it is actually a simple stateless packet filter with a pattern-matching signature system.
c93a85cd6e072be949ef0e44b2c0a5defdb132a1bdc0a750a43a8beadfd92a25
The W150D Wireless N 150 ADSL2 modem router suffers from a cross site request forgery vulnerability.
d09ea1f749e714cfa623d2468198983f9b6a09ff2ee6b2e3583654d44f360254
VeryPDF Image2PDF Converter SEH buffer overflow exploit that spawns message box shellcode.
fb0eb094b5e573fada445410e8039241a3a11cfe31027910642ed1bad8b24dda
FreeYouTubeToMP3 Converter version 4.0.1 suffers from a buffer overflow vulnerability.
c25aa7b8ea2738b878b257f4887fbc5682c63e244b2a8b7c9f9bf2bc5ff5bf55
WebComIndia CMS 2015Q4 suffers from an authentication bypass vulnerability via remote SQL injection.
afc30dbcbcfb0ef32c6e8696ef381ed2d5d31290833839f08df44da1dacba8e1
PayPal suffered from an open redirect vulnerability.
e887d6170d64eb863e814260146a628878b0b1d63fc18ec8ff72b27057825e3d