WebKit suffers from a use-after-free vulnerability in WebCore::DocumentLoader::frameLoader.
f6596283db934d92384dd48f38e36757c9cab5b6ca671329f22f9f48e1aca7bc
WebKit suffers from a use-after-free vulnerability in WebCore::Style::TreeResolver::styleForElement.
ea5990dbcd10f10220871583d7e4a8f64595578bfb2375ec0419820b0ad1e27d
WebKit suffers from an out-of-bounds read in WebCore::SVGPatternElement::collectPatternAttributes.
a134d05e2659242ae6b08570b4062d0b03e9ec5b249c75b9adedd8e9d69fdb0a
WebKit suffers from an out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint.
7f0b76853cb76566efef7ad4bbe91c9b1977f8a050e942ee1915da7aaa16182d
WebKit suffers from an out-of-bounds read in WebCore::RenderText::localCaretRect.
d2bf26a53165b570a6f5bd7f1fb66d35b7d3557d70deadf09f219c638ad86390
There is a use-after-free security vulnerability in WebCore::AXObjectCache::performDeferredCacheUpdate in WebKit.
62c0de0a642ecdcec245a8979e15e6e5eae034411bc424e6de622292cdf7d05d
There is a use-after-free security vulnerability in WebCore::PositionIterator::decrement in WebKit.
217896fe315974d6577ecc8038ef7d0482b7caa767addabaa181135a8707de87
There is a use-after-free security vulnerability in WebCore::InputType::element in WebKit.
9a6ded12652b60c99c885a3f11eb3a8a7fd2b0c6515de6074753cec8628787a6
There is a use-after-free security vulnerability in WebCore::TreeScope::documentScope in WebKit.
3105ce149b3a63d509b7533ead0fa793978656a94530db60af67ab8b9675497f
MyTy versions 5.0.4 through 5.1.7 suffer from a cross site scripting vulnerability.
94be6a7120b16a491be04b757f12c7c4aac4d8505f42db6b90390220e3b2f4db
MyTy versions 5.0.4 through 5.1.6 suffer from a remote blind SQL injection vulnerability.
df077096933740cbc5dda72b5207f5cb81f1182b1fba66ba91e1268b7238d580
WordPress Breezing Forms plugin version 1.2.7.42 suffers from a cross site scripting vulnerability.
41763619e792391172d71411d172e2e161c1572a77a982484ca87352f8c27522
WordPress Yoast SEO plugin versions prior to 5.8.0 suffer from a cross site scripting vulnerability.
2ce84b33f1dfc3f237bbabbd7b58e9c615a29cdae1fb79c8b4400bdef60d4dc2
Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information.
edb82348b5a039b33b9384fa15982bf40763c4759bd961c0919c901dad68ef13
Ubuntu Security Notice 3489-2 - USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information. Various other issues were also addressed.
cf9464bf3efc784c1fec1c648463a44848eb3b857e1ea8ff5529884f9e98beb9
Ubuntu Security Notice 3489-1 - It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information.
c058b86e4fa38c149597b03c35bf49b0812a8cb982d4031022685421b541718d
Ubuntu Security Notice 3485-3 - It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
7da5419563f06df09537b920b44d8c50ddccc6b040d38e604644a47cae423f6b
Ubuntu Security Notice 3488-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.
c1e35746dc389da33be23fd550b5d2ea09da8fe25a1c9386e6e169074670c3b4
Ubuntu Security Notice 3487-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5d3daa3acae196e215ffb752dacad9fbeacb9381db28059612dbc4bf68e35c68
Debian Linux Security Advisory 4045-1 - Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed media files could lead to denial of service and potentially the execution of arbitrary code.
26d19241f11b5068b8bae2d8844addaf42b84f20f7570c9617fb8cf074430223
Debian Linux Security Advisory 4044-1 - A vulnerability has been discovered in swauth, an authentication system for Swift, a distributed virtual object store used in Openstack.
bcb4d94a51fa447308953d3da1424571e6afb8a4b0b4b3bff7a8fe9b213ba72e
Ubuntu Security Notice 3484-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.
810ee0b10f8a7c0a7b23d2c5be0e7c77a26446b1bdce742149f776bda2214a0b
HPE Security Bulletin HPESBHF03798 1 - A vulnerability in HPE certain Gen10 Servers, DL20 Gen9, ML30 Gen9 and certain Apollo servers with Intel Server Platform Service (SPS) v4.0 are vulnerable to local Denial of Service and execution of arbitrary code. **Note:** Intel has identified security vulnerabilities which could potentially place impacted platforms at risk. An issue impacts Intel Server Platform Service (SPS) v4.0 used in certain HPE servers. The SPS/ME firmware used in Intels architecture can be compromised with physical access such that non-authenticated code may be executed in the SPS environment outside of the visibility of the user and operating system administrator. Intel has released new revisions of the Intel Server Platform Service (SPS) firmware to address this vulnerability. Revision 1 of this advisory.
9adf13f4521f8cbcfe8d21fbee0081a44a17eddb70e3e2f4994aa384e9adba78