Apple Security Advisory 2014-12-11-1 - Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 are now available and include the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1.
e909e70c55ddbfe69bf50151e525da618d0db49b81d6fd12e29364c8282df3c7ResourceSpace suffers from cross site scripting, html injection, insecure cookie handling, and remote SQL injection vulnerabilities. Versions 6.4.5976 and below are affected.
fc84bfa29e00ec8c50f80a3604debd8968d04680c2c4ff042bed27463b3ed0bbBMC TrackIt! version 11.3 suffers from an unauthenticated local user password change vulnerability.
5fefd8b05da0065be210ad2c623884f150fbcfc0f1be8ecb4ef3325bee6f4935Red Hat Security Advisory 2014-1983-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.
4134cd6f0552f1eb1400b783f6ac2383eeb1b8055ad51f10055d4c175deae1afRed Hat Security Advisory 2014-1982-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges.
478f070d556ff6738f2ac1014c8ee79908298350847ffa377f7e6050e494c65aUbuntu Security Notice 2439-1 - Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 14.10. Paolo Bonzini discovered that QEMU incorrectly handled memory in the Cirrus VGA device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. Various other issues were also addressed.
ec388958bc82daee7be8c36f5f4e98508d4891645648d42393411fc6ee898320Debian Linux Security Advisory 3098-1 - Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code.
68bf61fc172f38d647343e482b1c4138112d7b7712b206f79b2462e2dd8eadfbUbuntu Security Notice 2440-1 - Jakub Wilk discovered that the write_one_header function in mutt did not properly handle newline characters at the beginning of a header. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service.
59746b50e1931c1a63fd3d48b648afe007d672914d474f9383ce994e4dbbee00RedCloth suffers from a cross site scripting vulnerability.
0d1551e71891dbabbc9734d58f5f8086fb054dd7774bb7f2372a4a0bc5a6af11Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 to fix security issues.
3854a3344986e691648f646113317de5d16d92da0fc9bb4a3808bfb6717d8f25Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current.
3584aff1b7cfcfcd9a8f9d5c9139efb3b5345c34ee4ce74e8768624e017a00bfSlackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
b5cc39b89f4c29e479b74af161347cfae3e627e2878e0e185eb14f815b48b2a9Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
2db207e7fda328b5ccccecd8ccabde5b60085e312f499fc7537834d613bd026cSlackware Security Advisory - New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
9ef12e213029270aa248943ad5b9422844dc9e3e00d6844dddab456d62eef849Debian Linux Security Advisory 3096-1 - Florian Maury from ANSSI discovered a flaw in pdns-recursor, a maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.
4cd36f6b37f6f3bef1df1431ca82d7737976f9ae02e165c11b5799a6ca733a01Gentoo Linux Security Advisory 201412-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.425 are affected.
2024c0749ad66b80025c716a03281cdc6368a0515a3262938a2c77486279ba6dGentoo Linux Security Advisory 201412-6 - A vulnerability in libxml2 could result in Denial of Service. Versions less than 2.9.2 are affected.
488f9455d455779831e36c2917ddea03341a59a95026d328be82d683090193a3Debian Linux Security Advisory 3097-1 - Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit (or make emit) queries to the server can trick the resolver into following an endless series of delegations, leading to resource exhaustion and huge network usage.
f29252d59d1726b09a850b5b3c121de1a09c064b5ff9e828dbac66759c64b0bbSlackware Security Advisory - New openssh packages are available for Slackware 14.0, 14.1, and -current.
4c344a356c5cb7770aaa917d81fba6e98ddb181cee3db39bab8b488cb8d5bf02Slackware Security Advisory - New wpa_supplicant packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.
4ab5c91d6854aae0b005cfc718bf4de57a47cea8403b0f17395d89daf5abca1eGentoo Linux Security Advisory 201412-5 - A vulnerability in Clam AntiVirus can lead to a Denial of Service condition. Versions less than 0.98.5 are affected.
17f5aca312fef94e9f42435394743d802a5c84ea5511140dcef559924ebfc33bOpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
8f757ca9e88d6a6dc8f9b6e46a3da5e3a2881b3311fb91c428bcf906683ac41fFreeBSD Security Advisory - By causing queries to be made against a maliciously-constructed zone or against a malicious DNS server, an attacker who is able to cause specific queries to be sent to a nameserver can cause named(8) to crash, leading to a denial of service. All recursive BIND DNS servers are vulnerable to this. Authoritative servers are only vulnerable if the attacker is able to control a delegation traversed by the authoritative server in order to serve the zone.
2e31c97b539fc4e82125d344b6a294a5f148924e94a9c92ba2717d666271304c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed