Red Hat Security Advisory 2015-0091-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.0 serves as a replacement for Red Hat JBoss Data Grid 6.3.1. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.0 Release Notes.
bdf037afd49b398166324949f92dc7768a32136e17bc96f57b60fefd223c3a7c
Red Hat Security Advisory 2015-0090-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
344c688ffb8ddd28041911af7b947b4637ab2b0d272cf93ad900b34861ef6a7c
Ubuntu Security Notice 2485-1 - It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.
c7798887732cc742d95486b2a7043530084263b6462e11eafef68f99f3fe0843
Debian Linux Security Advisory 3142-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
26074a481751614ed048aa65c68c0f68a31ac03ddd5cb0a7c9feb7060aa253ca
Debian Linux Security Advisory 3141-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial of service.
85e9d53006911d7744cffdc0582d48c49061e09c59b47fdd03a3858bc366ab24
Debian Linux Security Advisory 3140-1 - Multiple security issues have been discovered in the Xen virtualization solution which may result in denial of service, information disclosure or privilege escalation.
a2106c197e2e01397c5028ddbf50e4b1ec243676cc7ab6262b916a12ae043f69
Ubuntu Security Notice 2458-3 - USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. Various other issues were also addressed.
741324ee8837b8281a71616c36adb2d0af44e5dc3a322ae1f72ca546e720c2e4
FancyFon FAMOC version 3.16.5 suffers from a session fixation vulnerability.
d9ed306cd69939777d43977859a23d2b0d269c3652c90899c8652bcdeb2459ce
FancyFon FAMOC version 3.16.5 fails to mint one-way hashes without use of a salt.
b1d0a56de5c177ff2044a5a97d03ce257e2444febf937112e175e2fe8e4765a8
Multiple nasa.gov subdomains suffered from cross site scripting vulnerabilities.
6191218f1434ba043aed4a65a60f43793bbac40fe0e83ed770b31f5accb7a689
Proof of concept exploit that allows a local application to gain system privileges via CVE-2014-7911 and then root via CVE-2014-4322. The exploit included is for a Nexus 5 with Android 4.4.4 (KTU8P). The exploit may also work on other devices if the offsets of the rop chain are modified.
9bee54444ab6e873a99692c9254b7a2016b81c6a94b64203d4746a410081dac3
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
2fe5fbda0a86b5a594116d567fd9a4c2458d30f1c6670ba8e1fac0bc8848c69b
Core Security Technologies Advisory - Some Android devices are affected by a denial of service attack when scanning for WiFi Direct devices. An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class.
feb52e38d88fae494e9480f07d94fba29e88f585adbd14e6a5b09a5a89af5f6c
Ubuntu Security Notice 2476-1 - Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. A use-after-free was discovered in the IndexedDB implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
4b012cc93b432974585bdaa69ccd2b26a0cf1276a7848f5b6ef849f73afc23be
Red Hat Security Advisory 2015-0086-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
dead1b3b1fba918b83ecc1af4234404aa37f612523329e03a7a2b4e54d56bf20
Red Hat Security Advisory 2015-0085-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
9cfcff776e85830e9ada144d025c8cde0c197d9b737030ca9a57adf44c214b74
Ubuntu Security Notice 2483-2 - USN-2483-1 fixed vulnerabilities in JasPer. This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package. Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. It was discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
10c2496e295e3c4f59441ffb81af52bd839f8c48d65aba920148cc12b86cfa08
Ubuntu Security Notice 2483-1 - Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
3843fe8b0d0c3cad84bc4055c166664fed4a4627570727654aa451164e51f6cb
Ubuntu Security Notice 2484-1 - Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service.
1f1358b068f4b7ce6d921a42c6f56eda2a026fda08a10966cb11f7d0c8c0c9f0
The 2015 BSides SF aims at bringing together researchers in the field of reliability, network security, privacy, cryptography and information security, practitioners, developers, and users to foster cooperation, exchange techniques, tools, experiences and ideas. The conference seeks submissions from independent researchers, academia, government, industry presenting novel research on all practical and theoretical aspects of the aforementioned topics. The primary focus is on practical, high quality, discussion of theoretical and practical impact, including concepts, techniques, applications and practical experiences. It will be held April 19th through the 20th, 2015 at OpenDNS headquarters in San Francisco, CA, USA.
a857e01e774626549adff9b7f438f159b890b2c9fdf1b93e3d3e29a760f44f10
Apache Qpid's qpidd up to and including version 0.30 has an issue where an attacker can gain access to qpidd as an anonymous user, even if the ANONYMOUS mechanism is disallowed.
06645715d84f1fc35ec6374bda9612d9d7e7cfe32c43f771345163d665548962
Apache Qpid's qpidd up to and including version 0.30 has an issue where certain unexpected protocol sequences cause the broker process to crash due to insufficient checking, but that authentication could be used to restrict the exploitation of this vulnerability.
8993e8ca3a940ec6ab2ae983a86c4b9b0e15985ffbd0a9791e196337735cb1e6
Photo Gallery version 1.2.5 suffers from a remote shell upload vulnerability.
cccaa6d7d8925aad8a70eeff4842b9b5c3c554891b45ac03b8d34ce6dcd33cff
Barracuda Networks Cloud Series products suffer from a malicious script insertion vulnerability.
b1d15ccdb7a81c7eb9860d092e8b040f08ceb595b2f77fa74bd0e6c2533ad304
Comodo Backup version 4.4.0.0 suffers from a NULL pointer dereference vulnerability.
f496f6e77d0b41fcd441a5916787820bb16d44af5ecc6ccf2bc7293bd6d55a7e