Ubuntu Security Notice 3153-1 - Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
3504b626957a07f9b0e31fa739c2b3c553e9fd5b17a367370b8490f5a0168cd3Red Hat Security Advisory 2016-2933 - An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.
67077c8cafbfe6072c6edf13c4e21d1b8f5252a6e715bc8616fae7aac5860cdcRed Hat Security Advisory 2016-2932-01 - An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 8.0 (Liberty). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.
50b384607295f1379adf0df884f3814ccd83909bfcfe9cab8e226e48245f72a7Smart Guard Network Manager version 6.3.2 suffers from a remote SQL injection vulnerability.
4a4f441553e8983fb020142c46f809ff6b14e18f481c22c5965376fd6bae4799WordPress Multisite Post Duplicator version 0.9.5.1 suffers from a cross site request forgery vulnerability.
a48083336df703d960a3e51cefa17b950424b1a6e48bc9ebe6980313d31bba7fChaordic Search version 1.1 suffers from a cross site scripting vulnerability.
5c0b3f7677b2ad0e9368a4c55b687fea8b81f7ded8de3fd0c27734b1165577dcSymantec VIP Access versions prior to 2.2.2 suffer from an arbitrary dll execution vulnerability.
5ca737baebcbd1cbc09483a6d142a87476638101e0c9a009275630705f59a463Splunk Enterprise versions 6.4.3 and below suffer from a server-side request forgery vulnerability.
b5446560dcd7b9cd7873e8dc1db514397d843547598024e58788677230bcbb24The Gstreamer ID3v2 implementation uses arbitrarily supplied data to generate buffers for the ID3v2 object and frames. By providing a maliciously crafted file with a null length in the ID3v2 header and an arbitrarily set length in the succeeding frame it is possible to generate an out of bounds read. An attacker may leverage this vulnerability to cause at minimum a denial of service attack. Version 1.0 is affected.
7053c885758da05fdc4302099f0183ee8781c3524ce7b49a27b4cff6b94c85c9Microsoft Internet Explorer 9 suffers from an MSHTML CElement::HasFlag memory corruption vulnerability.
de3ff417c37e84e841ea8288009472116064d0e0a99e0de7496deda50abc3949Asterisk Project Security Advisory - If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.
2a073eeba4b82f770c34c9371cc94f0c63cbd409c8022691691eeb71c498ae9dBluemix containers have a broken access control that allows auditors to create and delete containers.
5361bc58eb49d848041e13a58579112aef13c8028f6142f81c64cb0029862f79A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9.
54b341fddfea2f1cf14653a7fcdc53aab898df52cede73893904cd4655d53ec1Roundcube version 1.2.2 suffers from a command execution vulnerability via email.
c33ac8a7ad33eb2dedca6d6c33967345233c61a99ebffb04c4373835fe6c8ff6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed