Debian Linux Security Advisory 3491-1 - Multiple security issues have been found in Icedove, Debian's version of integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
330ee8fe28dcf54c8c2c5874ba900aa3The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Apache Xerces-C XML Parser library versions prior to 3.1.3 are affected.
95b957a31bb8598747cd1d57b0e36f7bOpen Web Analytics version 1.5.7 suffers from a cross site scripting vulnerability.
45bac3d5fb9537f0cbd268c334777d4bA Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.
1f910dc0d25deb2f7bd14ada1ff84f9bJSN PowerAdmin Joomla! extension version 2.3.0 suffers from cross site request forgery, code execution, and cross site scripting vulnerabilities.
0738d3a44209c401de2bb97dd315099fWordPress User Submitted Posts plugin version 20151113 suffers from a persistent cross site scripting vulnerability.
ba780ecc5b2e194667d2507d7336287bMagento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.
72ef98d834f769976ae3af136b7e032fIn certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's sendmsg implementation. In the L2TP PPP sendmsg implementation, a large size parameter can lead to an integer overflow and kernel heap corruption during socket buffer allocation. This could be exploited to allow local privilege escalation from an unprivileged user account.
baa8ce9b45b1f1852ce12173de5c6701A crash can occurs due to a heap-based buffer overflow in the ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
2a8aa406b157deb56d8fdeee624aad5cUbiquiti Networks UniFi version 3.2.10 suffers from a cross site request forgery vulnerability.
feacedbdd6e190261848193e551b9695ManageEngine Firewall Analyzer version 8.5 SP-5.0 suffers from multiple cross site scripting vulnerabilities.
f262697d9bea4bdef54e39a137072eddGTA Firewall GB-OS version 6.2.02 suffers from a local malicious script insertion vulnerability.
8e0bf5e50e24d47619c3e9d19dfc7fc4Ubuntu Security Notice 2903-2 - USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. Hanno Boeck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA. Various other issues were also addressed.
1f3b0079ab0bc9720a464d4ef485e689Ubuntu Security Notice 2912-1 - Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.
86103931b74c7c83665bf453d0731365Debian Linux Security Advisory 3490-1 - Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.
f26d1ef9d3d1dbd6556f7bd9b8064480Ubuntu Security Notice 2913-3 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the OpenSSL package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
fc771648c73b3f6fa76a51083448f54ceFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the message attachment.
8a2eed6ef70e4bb0ba94db5b9588c245eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the forum functionality.
d2f23c9bae8131671f4015318e05e96dUbuntu Security Notice 2913-2 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
bfcf9912a9b62c8c3ae0655f300bceb1Ubuntu Security Notice 2913-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys.
98f06e2fc9a9ba4ce82553ba33405c61Ubuntu Security Notice 2913-4 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
18f8d348663e85582dc4578b3f4c2913Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
fcefe73e812ba3898beb2be19f0cc1afSlackware Security Advisory - New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
55cff89e11d9d75493db8db796764ea9Ubuntu Security Notice 2905-1 - A security issue was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or a sandbox protection mechanism.
cc3b8cc8d109ef4d674a3a0357bfa340InstallShield suffers from a DLL hijacking vulnerability.
cbcc7f114c38518e529c95ba25c3982c
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed