Red Hat Security Advisory 2015-0099-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
07ae3d608c7bc928e164c5f0edd07d9fed0b40c519ef06bfed163e6e7f1b23faHP LaserJet printers with firmware 20130415 and below suffer from information disclosure and unauthenticated test functionality vulnerabilities.
de398ae4079091da76521d5c9f293e42efbd2443898883b6e4bd84295203ec2bVMware Security Advisory 2015-0001 - VMware vCenter Server, ESXi, Workstation, Player and Fusion address several security issues.
55fa1873d70654ee0597f3da9f1f88c2593c4ac47e45f3deaf0add63c4c2cd33FreeBSD Security Advisory - SCTP protocol provides reliable, flow-controlled, two-way transmission of data. It is a message oriented protocol and can support the SOCK_STREAM and SOCK_SEQPACKET abstractions. SCTP allows the user to choose between multiple scheduling algorithms to optimize the sending behavior of SCTP in scenarios with different requirements. Due to insufficient validation of the SCTP stream ID, which serves as an array index, a local unprivileged attacker can read or write 16-bits of kernel memory.
94980381572f511b4697b2bf2b6d1b10dee3a0640f849037c8cd995bace01080Mantis BugTracker version 1.2.19 suffers from an open redirection vulnerability.
a4a5d3a57136e2c7c69197773c4c6f2b7d1873d9a94832d2eb5e95f58d43524eClam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
6591245d55445a2ddcc1700964c33b8bf62fe20c75bd9c7746f4fe0735502951Apple Security Advisory 2015-01-27-4 - OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and various other vulnerabilities.
434e3bbf065d6ff22de4e7b85d71ce11a7811880de29f04e6a58af05a3e46a97Apple Security Advisory 2015-01-27-3 - Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address memory corruption issues that can lead to arbitrary code execution.
ffbe57c64600b7e1c963a99fbe798c9585ea40b12b6d5dcf274b6aa86e401253Apple Security Advisory 2015-01-27-2 - iOS 8.1.3 is now available and addresses access bypass, arbitrary code execution, denial of service, and various other vulnerabilities.
7d9920a6997e5e7bb8e01611c7dce2b7e3e242c90d9a5c4edeb5181b8c7b8cf1Apple Security Advisory 2015-01-27-1 - Apple TV 7.0.3 is now available and addresses arbitrary code execution, access bypass, unsigned code execution, information disclosure, and various other vulnerabilities.
5ccfb0bf060b8bfce712b760bdd4bdcf5bc236994aba26bbfdd77d093c7ee7bbRed Hat Security Advisory 2015-0094-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and APSB15-03, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
0d3babf6448936f91b0ce462ac340ae5806760fa2c69e2e4e726c08d7fa3e1c7Red Hat Security Advisory 2015-0093-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium.
15bcdc47727fc0ad0b65702ab55c64ea44a92ad6a771e7347758eaea43b886bbRed Hat Security Advisory 2015-0087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use this flaw to crash the system.
56294e658e5f97118916c849531a69eb62aaa3d6bf0ea85f9f9081df3abed7a4Ubuntu Security Notice 2486-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
0a3efc41f8c988a1d04f15b23eb0e08c026c2987dda7ba586d9c7cc4ee33cb55Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
ab4dd6486f4ee6eea333af5b0238b5e37c79372f03d28ec456d911e6e9c2a2f2New CMS version 2.1 suffers from a local file inclusion vulnerability.
26b93c8a8cc6dbb8ec52f0210258d68239e0acf6e87359bc67630c70164293cdSites powered by Restaurantbiller suffer from remote shell upload and remote SQL injection vulnerabilities.
f4a1adac8a45ce05a5b00694825f0222021b21e9d260550f0910c915cc9c69e7FancyFon FAMOC version 3.16.5 suffers from multiple cross site scripting vulnerabilities.
efa9652e44569c33fc4fee812a69f383c8001fe4f217c3d71994dbc05b3b72c3FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection vulnerability.
3a671192f0facf33bd6129a2886a8ff9396192343746c6b576a400840ee63a00Qualys Security Advisory - During a code audit performed internally at Qualys, they discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so they decided to analyze it -- and its impact -- thoroughly, and named this vulnerability "GHOST".
ffa8d4a79d99689d850b8267b77bc648e3bd73f6426baa39b73870777ee69adbRed Hat Security Advisory 2015-0092-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
620c64a2aa97609a8171e047e7c827ed68c38df906fd7ea24237c738885f5d14The Syrian Electronic Army SEANux linux distro version 1.0 suffers from a remote code execution vulnerability.
b080cc1a04a781bc198b71a73b2e7296a4626b1e7f06b5166036b5722ce7cf48The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.
326b02ff487ef267ea4187e1de17d0c6aac589a200b5be40f35cf8784fed3930Exploit for remotely changing DNS settings on the D-Link DSL-2740R router.
12bcee98da8a2545e67c0fd61295e3e76c43d64f193a59bac3a91c594c824b90The 0x90 International Cyber Security Conference has announced its Call For Papers. It will be help March 14th, 2015 in Chennai.
aec3207fc46069cdc097a620f0ac9ee14f3235262ee2a4b2ec49cef66965d5dd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed