WSO2 Identity Server version 5.0.0 suffers from XML external entity injection, cross site request forgery, and cross site scripting vulnerabilities.
b23a062266269d325f887cf960d7eb910446d8f0167a0b3dbb117e633cc72a23Red Hat Security Advisory 2015-1006-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
6ebf24c3f0db42257759c31fdfcb6d80a98014c1b1d6c137166193e633de9a26Red Hat Security Advisory 2015-1007-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
b772b137fb0bdda2ffb0720f11c349a1cbf1d4e0c3104168e2cbee848d92718bRed Hat Security Advisory 2015-1004-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
3ab0adad6fdda3667b0f1e811a8d230ad26a1f9bb5f02a2fa6f520bf3b3b42f7Red Hat Security Advisory 2015-1000-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
03f03d53cedd59584831f1b0029666475f5a81ddb57f12c6ce52d258b2f1a3cdRed Hat Security Advisory 2015-0999-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
8b8a9a5f38747ef44b28cfced166cfbeee90228726e80b1798327876421a726aRed Hat Security Advisory 2015-1005-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-09 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
18dba377b8d0c3973a6a9ff5ad7a7dfa4b5d0bbeba0504bbf14a350cbc09f23fRed Hat Security Advisory 2015-1001-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
601caacd379172315f6cfffb985b4159a96e67bb16763d5a658276647f625617Red Hat Security Advisory 2015-1003-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
422cb9cd2c5794c27203769b3c622eee2665f29cb4a6305ca8a00af32b1ea44bRed Hat Security Advisory 2015-1002-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
36b8dc0dc040f168bcfb6d3931f9b68020149d31e605934b0251afd569aa45b8Red Hat Security Advisory 2015-0998-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
4560d87105d92523f195c69d8a771fe7e08b0abb29590473f66f27e5963fe158Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
19b42ed0791ca913756b8b07af8ee72d0e8058d28591098fed1c46203ad10a2eUbuntu Security Notice 2608-1 - Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.
8016922249d1200857b855be754556a4986b2239c15572207796d8c4f2e6d88fWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
d0f177b2ef49e4deae4ff7d3299bdd295ba558a3934ce8ae489b2f13927cbd82Core Security Technologies Advisory - SAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm. These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions.
b7740dd59be457ef9148466ce77bd2cb7d93fd8bf564a611bcde64e3a811e628Concrete5 version 5.7.3.1 suffers from multiple cross site scripting vulnerabilities.
779a300e312a7f4499e82dec4285a6c6d712548afa3edad66c1b13bfc741514eWeb India Solutions CMS 2015 suffers from a remote SQL injection vulnerability.
186f772d4cbfbdca92299e311c1cfbd9921be6fd8774c3498aadb5307cb3e6b4Cisco Security Advisory - Cisco TelePresence TC and TE software contains bypass and denial of service vulnerabilities.
b039a112fa02e1201dfdfc19e955f20fdf2ab0107f851c51c766bcd7ab4086efDebian Linux Security Advisory 3259-1 - Several vulnerabilities were discovered in the qemu virtualisation solution.
0023f319a16ece6a882500e80e69ae44288802e335ef47565d8d36f8fc537ea8Cisco Security Advisory - A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user.
83f9feb7e2383c6d20e2c82cb444ba7b846eaaec5df0301bda4e323cdd977ddeWordPress Booking Calendar Contact Form plugin version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
634d97d85a3a0669c521ef17cf7084d41acd83e7ce20d66da98dcc013771b672Gentoo Linux Security Advisory 201505-1 - Multiple vulnerabilities have been found in Ettercap, the worst of which allows remote attackers to execute arbitrary code. Versions less than 0.8.2 are affected.
4fb301318f73335466a17ade52ccdd90b1deaa42c752151235fba66990415fcbPure Faction versions 3.0c and below suffer from a buffer overflow vulnerability.
8618e8b91988d93e4585ec66b7b191bf0ccc0cebef32603efe81062604ab7e1fRed Hat Security Advisory 2015-0983-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. All Tomcat 7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the tomcat service will be restarted automatically.
5fbf9d2bfdeb25eabe097cd11548f49289ce461d6279a5523453f1740bab084eRed Hat Security Advisory 2015-0981-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AEC-GCM mode IPSec security association. The kernel-rt packages have been upgraded to version 3.10.0-229.4.1, which provides a number of bug fixes and enhancements over the previous version, including:
f7685a4ef3fc6251d8ff3cbd208f6da216aaf3cd4ee9139d4759706f5ef69a7c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed