Ubuntu Security Notice 2879-1 - It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory.
58f94c305f507b90b4409a90ad30385ea19698a55a6c912f46ee10c91c859e92
Ubuntu Security Notice 2878-1 - David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism.
3db55d3bf074181b89629f8f752f3b60d2dc5f2b3f784857fbf7ab1ae0c7d086
Red Hat Security Advisory 2016-0062-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.
1636a44af0501528e041cd74d9e0faab81917561cfbed4a1bef6268292d7e47c
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
50a157d26d8b9ae370cd7fa52c7c6f43f4c77aeeb5d0fccd6a2e92c7dfc1d88e
Avast Sandbox/Autosandbox message filtering suffers from a flaw that allows for privilege escalation.
11123d8f04f7157f84cdc92816ac901eeb5aa4e1ff0b49448154baf59b27196c
Red Hat Security Advisory 2016-0061-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.
24a856d50a46db75a2b42715c16401c84cab00721d784dc0aaf04982e3864f7b
xwpe versions 1.5.30a-2.1 and below are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input.
a4919457bf2da63d581b5aae4f06c9ad9e2b5379274e85a42e35cbaacd600302
WiX Toolset installers suffer from a DLL hijacking vulnerability.
392db3509927ad38eb89dd7758d1f34327b87217ca0ddcffb49a9984cd877f74
Quick CMS version 6.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
8854dace4f9cbaee5314c4c8af2d0f77520ac18d7478291cd4888679dca4041b
Red Hat Security Advisory 2016-0054-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
9c563bb8b9e2eea5b08d1c62306cd76b8edf7b6fa4d698fa3811c45bf60324fc
Red Hat Security Advisory 2016-0056-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
63ba3e35e78846c54fbf5b6d993d7ce4b576d0f774abf220f2138ecdd96aca87
Red Hat Security Advisory 2016-0053-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
3be5dffa75f02e63bc29dc4d1fc7da3c3b30bef29c49a4a878d9cf9ba523b04e
Red Hat Security Advisory 2016-0055-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
b40448498e10595f080684d063b66d9b1e04c6fba568af426eba2d3e33aaefa4
Red Hat Security Advisory 2016-0057-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
e11cf361ce84a75486b6566fd82f9240bd8c241d9863dfa68221e3b538e0039c
Java Platform SE 6 U24 HtmlConverter.exe version 6.0.240.50 suffers from a buffer overflow vulnerability.
c26dad11dc7a3b97b9cbe8edf6f976878186e3d92c3d957301ddda94e2f412c6
GRR versions 3.0.0-RC1 and below suffer from a remote code execution vulnerability with privilege escalation through a file upload filter bypass.
286b498185c854403d0e567a816f5429b38d05890d5fa5454fe997be0829251f
Red Hat Security Advisory 2016-0049-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
47abffb2d9817bf8cc2b5dd087e26ebb38def15423c3b839b7d5d3801925f7c6
Red Hat Security Advisory 2016-0050-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.
923f7f1fb19af9c07fe713c659a98bb0ea548a82a1793d6a8a53efc9b007eb16
QuickAuth Pebble loads TOTP keys in the clear over HTTP and is susceptible to man-in-the-middle attacks.
427e900319b144508503fda3ef825f8938285cdb168278c868e75d07bf751d30
OpenCart failed to properly address a directory traversal vulnerability.
70f25d17535ccb3b77e499f6d07f084657b709f051cdb9e0bdf5b5143c82a422