Ubuntu Security Notice 1400-2 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out-of-bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.
5b55ea6fffee26c72843021b56e71cfb46a31c56e38ee3b9f75b058db2e502a3
Ubuntu Security Notice 1400-1 - Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
6ec8a17ac5494f22879ac72d2367bc10e24938596bb360d6ddb0c7b09b2668c5
Gentoo Linux Security Advisory 201203-18 - An insecure temporary file usage has been reported in Minitube, possibly allowing symlink attacks. Versions less than 1.6 are affected.
4aa557eb42c10556e6493ca6c243fafa89d234f04fc2a916923cd9222c767625
Gentoo Linux Security Advisory 201203-17 - Multiple vulnerabilities have been found in HPLIP, the worst of which may allow execution of arbitrary code. Versions less than 3.11.10 are affected.
1cf360d6a926fd492c93a38d373ac1bdd8f3f1a39245024188f17cc21707bb28
Gentoo Linux Security Advisory 201203-16 - Multiple vulnerabilities in ModPlug could result in execution of arbitrary code or Denial of Service. Versions less than 0.8.8.4 are affected.
76a2a3df8bd33cb70e3c22cb995f3166fc734691230e522011e0cc99e5b85f83
Gentoo Linux Security Advisory 201203-15 - Multiple vulnerabilities have been found in gif2png, the worst of which might allow execution of arbitrary code. Versions less than 2.5.8 are affected.
8a397fa1e661394cba4da8da2652a15bef30a769ec2508d443be785b80861d88
Gentoo Linux Security Advisory 201203-14 - Multiple vulnerabilities in Audacious Plugins could result in execution of arbitrary code or Denial of Service. Versions below 3.1 are affected.
f6076cf29eba79c3ee0f14372a4e07c2f8ffddd7174f4c76e8c208325347c26c
Gentoo Linux Security Advisory 201203-13 - Multiple vulnerabilities in Openswan may create a Denial of Service condition. Versions less than 2.6.37 are affected.
f5a0e55e7b9a8299853a525870453ba514b748a569cfbe010a5cf5277cc73d46
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
958dd09c9da9ceb50c9e556b3ced9cbdf40e836d2bdc98286ce96e84fd4a5a53
Secunia Security Advisory - A vulnerability has been reported in VMware vSphere Client, which can be exploited by malicious people to conduct script insertion attacks.
8fde9aae78f4db2bd953968207ca57aad66dedc8f634fb335f02e77150d7889d
Secunia Security Advisory - SUSE has issued an update for chromium. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
e7f26e2c4b5f57c4debfd08dcdb382198b66c87bc3377ff075df52f311a51c54
Secunia Security Advisory - Multiple vulnerabilities have been reported in Quagga, where some have unknown impacts and others can be exploited by malicious people to cause a DoS (Denial of Service).
54b6cd76dfec7bbc165c322cd0e9908876ff2d1a463fdf26eaff5a1d64a06b6e
Secunia Security Advisory - Multiple vulnerabilities have been reported in VMware ESX Server and VMware ESXi, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
deae48d7235bbce9a5f7b5684aac71570271bff60c69fa08217d2ac948299c1e
Secunia Security Advisory - Gentoo has issued an update for hplip. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to manipulate certain data and by malicious people to compromise a vulnerable system.
82fdd57d57fbc66e6a64283bfce07a593fd4672455fc54cae4b6881c3821564a
Secunia Security Advisory - VMware has acknowledged multiple vulnerabilities in multiple VMware products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
e3b7401e2187aa3ffcc80d33d6d61edf911b2548ab7b2f9cc4558f58d913827a
Secunia Security Advisory - Gentoo has issued an update for gif2png. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
f2825b34ff724334bd12e780e6382105a46083698de91b742c679cce483f9b8c
Secunia Security Advisory - Gentoo has issued an update for minitube. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1f12a8a30a7f0af1b1ddc98f4ade69ae19759db16ce694fe32baa436b5abbc0e
Secunia Security Advisory - Gentoo has issued an update for audacious-plugins. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.
c6d765f7a238ec6c731f85c42b64fff31e9b28c7927f80f5fc41c9c8ee71cdf4
lshell lets you restrict a user's shell environment to limited sets of commands, choose to enable or disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restrictions, and more.
722aef41b53db2df3a5846004d0fc7f7782457a51f15e043cc0000d6f9268148
Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.
e2f289b1d1ccc150638cf55526ad03a0ade669586f6824d9491acd1c5b1f3e05
Asterisk Project Security Advisory - Asterisk suffers from an exploitable stack buffer overflow with locally defined data.
afe6cdb34e7dea854787ea6f21b9eaf0bb2776d9c897bab9bde9b63eb1091487
Citrix License Server version 11.6.1 build 10007 suffers from cross-site request forgery and denial of service vulnerabilities.
2b9104ba28bdb97b62d26b0a430b574efb2a5eae5fd46f35c16cc5d5c118453b
Mobile.free.fr suffers from a cross-site scripting vulnerability.
1a2e1e41411e6703b28efd0074d8c126869cc9ebdb5b254b431e0adc670bd84e
JPM Article Script 6 suffers from a remote SQL injection vulnerability.
145578d740ba90ce511926a99cf32acad7fcd157e63d4077a17c2b07e93a7438
Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of the channels is disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.
10864a15ca77b98406254b2f35007bb2b449eabd2c3ebff0d116a3416159f77e