Ubuntu Security Notice 2879-1 - It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory.
58f94c305f507b90b4409a90ad30385ea19698a55a6c912f46ee10c91c859e92Ubuntu Security Notice 2878-1 - David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism.
3db55d3bf074181b89629f8f752f3b60d2dc5f2b3f784857fbf7ab1ae0c7d086Red Hat Security Advisory 2016-0062-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.
1636a44af0501528e041cd74d9e0faab81917561cfbed4a1bef6268292d7e47cOpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
50a157d26d8b9ae370cd7fa52c7c6f43f4c77aeeb5d0fccd6a2e92c7dfc1d88eAvast Sandbox/Autosandbox message filtering suffers from a flaw that allows for privilege escalation.
11123d8f04f7157f84cdc92816ac901eeb5aa4e1ff0b49448154baf59b27196cRed Hat Security Advisory 2016-0061-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.
24a856d50a46db75a2b42715c16401c84cab00721d784dc0aaf04982e3864f7bxwpe versions 1.5.30a-2.1 and below are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input.
a4919457bf2da63d581b5aae4f06c9ad9e2b5379274e85a42e35cbaacd600302WiX Toolset installers suffer from a DLL hijacking vulnerability.
392db3509927ad38eb89dd7758d1f34327b87217ca0ddcffb49a9984cd877f74Quick CMS version 6.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
8854dace4f9cbaee5314c4c8af2d0f77520ac18d7478291cd4888679dca4041bRed Hat Security Advisory 2016-0054-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
9c563bb8b9e2eea5b08d1c62306cd76b8edf7b6fa4d698fa3811c45bf60324fcRed Hat Security Advisory 2016-0056-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
63ba3e35e78846c54fbf5b6d993d7ce4b576d0f774abf220f2138ecdd96aca87Red Hat Security Advisory 2016-0053-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
3be5dffa75f02e63bc29dc4d1fc7da3c3b30bef29c49a4a878d9cf9ba523b04eRed Hat Security Advisory 2016-0055-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
b40448498e10595f080684d063b66d9b1e04c6fba568af426eba2d3e33aaefa4Red Hat Security Advisory 2016-0057-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
e11cf361ce84a75486b6566fd82f9240bd8c241d9863dfa68221e3b538e0039cJava Platform SE 6 U24 HtmlConverter.exe version 6.0.240.50 suffers from a buffer overflow vulnerability.
c26dad11dc7a3b97b9cbe8edf6f976878186e3d92c3d957301ddda94e2f412c6GRR versions 3.0.0-RC1 and below suffer from a remote code execution vulnerability with privilege escalation through a file upload filter bypass.
286b498185c854403d0e567a816f5429b38d05890d5fa5454fe997be0829251fRed Hat Security Advisory 2016-0049-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
47abffb2d9817bf8cc2b5dd087e26ebb38def15423c3b839b7d5d3801925f7c6Red Hat Security Advisory 2016-0050-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
923f7f1fb19af9c07fe713c659a98bb0ea548a82a1793d6a8a53efc9b007eb16QuickAuth Pebble loads TOTP keys in the clear over HTTP and is susceptible to man-in-the-middle attacks.
427e900319b144508503fda3ef825f8938285cdb168278c868e75d07bf751d30OpenCart failed to properly address a directory traversal vulnerability.
70f25d17535ccb3b77e499f6d07f084657b709f051cdb9e0bdf5b5143c82a422
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed