Ubuntu Security Notice 2743-1 - Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
8d33a81f77c730f95dd16f3bab40f85d87cd0c537040f9d23f930b588ce628dfOnapsis Security Advisory - SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.
38f5d4c8882c9a29b1c46ec18ce9b8b283de108c7ffe457c455f9e65e781276cHP Security Bulletin HPSBGN03391 1 - A potential security vulnerability has been identified with HP Universal CMDB Foundation, HP Universal Discovery, HP Universal CMDB Configuration Manager, and HP Universal CMDB Browser. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
2bf9e9c2b9e092721af653a4f13005c47bad6c8605a730281997473046c6220bHPE Security Bulletin HPSBUX03511 SSRT102248 1 - A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
f0f4a425f26cfc537edf32966bbe5b3a92ba5abc570439e968df19dcaebde252Red Hat Security Advisory 2015-1814-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-23 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
04645ca6049eed8e86e1550e5b314b7363f20c40256c27ff7eeadf40c1b033a8Debian Linux Security Advisory 3364-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
8bf9da5be4e19bd80a46b0d6dca4e33f958d1700f95fd2553a38de299594cc34Red Hat Security Advisory 2015-1834-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
fbc7cfc2cae262eb85335aecf1f1df1702139190a5fa7f1496fa9aa39509c7aaRed Hat Security Advisory 2015-1833-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.
1b9f9de6a561d36e27be6a6d8acd7ecf6adbb0c10073d9c0d28688c297cba284The Microsoft Windows kernel suffers from a use-after-free vulnerability related to DeferWindowPos.
9efdbf279fadc7781fc05c4c484e7fa55163ee3b825c2a7de5f5e364ae5d2187Cisco AnyConnect Secure Mobility Client for Windows is affected by an vulnerability that allows local attackers to execute arbitrary DLL files with elevated privilege. By exploiting this vulnerability is is possible for the attacker to gain SYSTEM privileges.
6e297eee712fe356db2c53d7b036bfdab4084dfcf2f39784ebf1a1798f5494f2Cryptokiller is a proof of concept tool designed to detect and stop the infection of Cryptolocker malware. It requires installation prior to infection.
ccf0eca33cb503b5c3c04d4ead32b3c49028a654e96b844df2574eb5e76f49aaOS X Regex Engine (TRE) suffers from integer signedness and overflow issues.
c4c0f4887f90a7b044ece2c30e99c3551cdccd98d07ef1bb542fc7bca4fc060eThe Microsoft Windows kernel suffers from a use-after-free vulnerability in printer device contexts.
a07b9af66e76968a00a50316dfce34128aec9040ef04506e03d9536f8f6a3dfeThe Microsoft Windows kernel suffers from a use-after-free vulnerability in the cursor object.
95d27966a74a174f8e04f20a3a1138c7d875365b2e9461676084a3fa4f84f1a6OS X Regex Engine (TRE) suffers from a stack buffer overflow vulnerability.
5ad1dbca55084a0bde0fa1fbe2614f5806fada2f7a3afbc24bc91426dba68011The Microsoft Windows kernel suffers from a pool buffer overflow in NtGdiStretchBlt.
cec5a4d82cefd5f7408a48e23c6eaff40a66ebae181a5611b5534e09b970f5ccThis proof of concept exploit triggers a crashes due to a pool buffer overflow while drawing the caption bar of window.
d57eb2d920703735304948c9d9db4ef91854194c06fd1384c9871449486a7418The Microsoft Windows kernel suffers from a buffer overflow vulnerability in Win32k!vSolidFillRect.
25f32ba5359a051b672c78122c332f74c82b3772f7ba804f808898f00fe1a921Air Drive Plus version 2.4 suffers from an arbitrary file upload vulnerability.
45b2bdfb1779aed0c438a06dfdc962185d60accb980272d0f874c01194cbced9The Microsoft Windows kernel suffers from a brush object use-after-free vulnerability.
ac1c9bbd47bafbca773cb80340ef700f905cab76f26f62766346947479e35793The Microsoft Windows kernel suffers from a use-after-free vulnerability in HmgAllocateObjectAttr.
e74e9b4659ae9cc8949897e4622853fa73eab51a3dc0249b28c703fe239770d4The Microsoft Windows kernel suffers from a NULL pointer dereference with window station and clipboard.
9f32e011ab66422b9eb1d0b4cb638eddddc956ca54dbeb3f19ad2f6d022e0f60The Microsoft Windows kernel suffers from a use-after-free vulnerability in WindowStation.
aa3efde61185dc1eb0cb8968c6c591a89fd27959b2d48dd4fabbf0770e09ec6ePdfium suffers from a heap-based out-of-bounds read vulnerability in Opj_dwt_decode_1 (libopenjpeg).
d20c039518c40f0e159c48830e1d0f707213086eb513383b2e55a5136f0ce263Pdfium suffers from an unmapped memory read (SIGSEGV) crash in CPDF_SampledFunc:v_Call.
bcea2e10f4a34c9f72f86396283659a515a7b1802c1e85445c9e56df7078cd48
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed