Debian Linux Security Advisory 3217-1 - Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.
66567458b5c55f0422e2fb70b36cadea666fe817ca19700b553c62b88cca0cbfThis Metasploit module exploits a remote command execution vulnerability in Barracuda Firmware versions 5.0.0.012 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.
47ed3ef4957c8e0f48670b15bb88acf48f64853701b5565f1f077b80177cbc5aComalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
b9fca79735e3cc4bf975c510e49bbccd87d29af3072e7048d9b25438a79754e7Asterisk Project Security Advisory - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.
b08ef4b3d0f8ba0061a7cd3e5a8e37967a3286590dcc31a21c17c24ecb06371eApple Security Advisory 2015-04-08-5 - Xcode 6.3 is now available and addresses stack guard bypass and an issue where Swift programs performing certain type conversions may receive unexpected values.
0ce20e707741564c131e8fe519a08c07acd797603c90739a11316436b9b16ac6Apple Security Advisory 2015-04-08-4 - Apple TV 7.2 is now available and addresses information disclosure, code execution, memory disclosure, and various other vulnerabilities.
25a3214ab7e6cadbdce4b05ac7c58a751b527530285591e0ffb09d1fe9b51d8aApple Security Advisory 2015-04-08-3 - iOS 8.3 is now available and addresses code execution, access restriction, information disclosure, and various other vulnerabilities.
38d713ab32609a1117e7c790d7f5d298e14be22ee646cac89deceba5358bcdd3Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.
bfdc53ae50c366d1018234c77470fabd66ae9360537370dafd782122121b89cdApple Security Advisory 2015-04-08-1 - Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address information disclosure, code execution, certificate matching, and various other vulnerabilities.
eeaa79384ff069091d47b9a03c45c84ae355020694e5aeac68b451b6f942eb32The Call for Papers for the inaugural Hack In The Box GSEC conference in Singapore is now open. It will be held October 12th through the 16th, 2015 at the Sheraton Towers in Singapore.
d42213d26e010433988c1d4f7c96a576003f139e14d12e1074db9f4ae6f3b5e5HP Security Bulletin HPSBUX03240 SSRT101872 2 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 2 of this advisory.
1f4fd14946b0e379a10db31c1f62663f3c788557aa4411f47f54db8d0cf85d0dCisco Security Advisory - A vulnerability in the virtualization layer of the Cisco ASA FirePOWER Services and Cisco ASA Context Aware (CX) Services could allow an unauthenticated, remote attacker to cause the a reload of the affected system.
03bf8d69a0bf6c91ee0106ef74c392f2a8e255b31f1eeb5859051b72b8c5176fMandriva Linux Security Advisory 2015-198 - Multiple vulnerabilities has been discovered and corrected in java-1.8.0-openjdk. The updated packages provides a solution for these security issues.
70e18c801844e69b740945998cb86b87730582d195550d64ca9d0575e329b2f3Cisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by command injection, memory exhaustion, and denial of service vulnerabilities.
002287a420933aae31fd15f0d7d5940f2f4023cf6588b7d6edf90aa5cb93c2d2Ubuntu Security Notice 2565-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
45367e0ecb6fdf13b6f707fbe0aa7b08eb00219f55533ddb3f943355617b7375Ubuntu Security Notice 2564-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. An information leak was discovered in the Linux Kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
b4b5729a8b3105060a97d50bfcaf3b153c00ee7647386935333eed9d44313e11Red Hat Security Advisory 2015-0794-01 - Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library could call the gss_process_context_token() function and use this flaw to crash that application.
092ae20195bf4a7732cc962288fb80eeebadd65456efb91c9af412787b3822e3Ubuntu Security Notice 2563-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
5dafdca9ed571fcd6801dd6f0d5967baba32409d329a23f6e9674061e54eb37cUbuntu Security Notice 2560-1 - An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. An information leak was discovered in the Linux kernel's handling of userspace configuration of the link layer control (LLC). A local user could exploit this flaw to read data from other sysctl settings. Various other issues were also addressed.
342f94cb1aabaa7a970f11ca1c034e73d616bd82981312d40732665c7748928bUbuntu Security Notice 2562-1 - Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges on the system. Marcelo Leitner discovered a flaw in the Linux kernel's routing of packets to too many different dsts/too fast. A remote attacker can exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
be127130c407df608bf557e516cba75d80dd022ba633f89a98b2e1cf1698a549Ubuntu Security Notice 2561-1 - It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges. An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) mitigation mechanism. Various other issues were also addressed.
8aef8dc5ce0c1d2950a6515a77b071d9261bb137d80010ab9989173c9845de2dMac OS X rootpipe local proof of concept privilege escalation exploit.
146b64bdac5816f848302abe5d0ad8a8ac00a1ef2eb064fcfcdd3a63453c2ee0WordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.
4066792653efe187fcf02429adee45b20e2c070fa70ff0034e4116b8ff3d3b8b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed