Ubuntu Security Notice 2743-1 - Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
8d33a81f77c730f95dd16f3bab40f85d87cd0c537040f9d23f930b588ce628df
Onapsis Security Advisory - SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.
38f5d4c8882c9a29b1c46ec18ce9b8b283de108c7ffe457c455f9e65e781276c
HP Security Bulletin HPSBGN03391 1 - A potential security vulnerability has been identified with HP Universal CMDB Foundation, HP Universal Discovery, HP Universal CMDB Configuration Manager, and HP Universal CMDB Browser. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
2bf9e9c2b9e092721af653a4f13005c47bad6c8605a730281997473046c6220b
HPE Security Bulletin HPSBUX03511 SSRT102248 1 - A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
f0f4a425f26cfc537edf32966bbe5b3a92ba5abc570439e968df19dcaebde252
Red Hat Security Advisory 2015-1814-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-23 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
04645ca6049eed8e86e1550e5b314b7363f20c40256c27ff7eeadf40c1b033a8
Debian Linux Security Advisory 3364-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
8bf9da5be4e19bd80a46b0d6dca4e33f958d1700f95fd2553a38de299594cc34
Red Hat Security Advisory 2015-1834-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
fbc7cfc2cae262eb85335aecf1f1df1702139190a5fa7f1496fa9aa39509c7aa
Red Hat Security Advisory 2015-1833-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.
1b9f9de6a561d36e27be6a6d8acd7ecf6adbb0c10073d9c0d28688c297cba284
The Microsoft Windows kernel suffers from a use-after-free vulnerability related to DeferWindowPos.
9efdbf279fadc7781fc05c4c484e7fa55163ee3b825c2a7de5f5e364ae5d2187
Cisco AnyConnect Secure Mobility Client for Windows is affected by a vulnerability that allows local attackers to execute arbitrary DLL files with elevated privilege. By exploiting this vulnerability it is possible for the attacker to gain SYSTEM privileges.
6e297eee712fe356db2c53d7b036bfdab4084dfcf2f39784ebf1a1798f5494f2
Cryptokiller is a proof of concept tool designed to detect and stop the infection of Cryptolocker malware. It requires installation prior to infection.
ccf0eca33cb503b5c3c04d4ead32b3c49028a654e96b844df2574eb5e76f49aa
OS X Regex Engine (TRE) suffers from integer signedness and overflow issues.
c4c0f4887f90a7b044ece2c30e99c3551cdccd98d07ef1bb542fc7bca4fc060e
The Microsoft Windows kernel suffers from a use-after-free vulnerability in printer device contexts.
a07b9af66e76968a00a50316dfce34128aec9040ef04506e03d9536f8f6a3dfe
The Microsoft Windows kernel suffers from a use-after-free vulnerability in the cursor object.
95d27966a74a174f8e04f20a3a1138c7d875365b2e9461676084a3fa4f84f1a6
OS X Regex Engine (TRE) suffers from a stack buffer overflow vulnerability.
5ad1dbca55084a0bde0fa1fbe2614f5806fada2f7a3afbc24bc91426dba68011
The Microsoft Windows kernel suffers from a pool buffer overflow in NtGdiStretchBlt.
cec5a4d82cefd5f7408a48e23c6eaff40a66ebae181a5611b5534e09b970f5cc
This proof of concept exploit triggers a crash due to a pool buffer overflow while drawing the caption bar of a window.
d57eb2d920703735304948c9d9db4ef91854194c06fd1384c9871449486a7418
The Microsoft Windows kernel suffers from a buffer overflow vulnerability in Win32k!vSolidFillRect.
25f32ba5359a051b672c78122c332f74c82b3772f7ba804f808898f00fe1a921
Air Drive Plus version 2.4 suffers from an arbitrary file upload vulnerability.
45b2bdfb1779aed0c438a06dfdc962185d60accb980272d0f874c01194cbced9
The Microsoft Windows kernel suffers from a brush object use-after-free vulnerability.
ac1c9bbd47bafbca773cb80340ef700f905cab76f26f62766346947479e35793
The Microsoft Windows kernel suffers from a use-after-free vulnerability in HmgAllocateObjectAttr.
e74e9b4659ae9cc8949897e4622853fa73eab51a3dc0249b28c703fe239770d4
The Microsoft Windows kernel suffers from a NULL pointer dereference with window station and clipboard.
9f32e011ab66422b9eb1d0b4cb638eddddc956ca54dbeb3f19ad2f6d022e0f60
The Microsoft Windows kernel suffers from a use-after-free vulnerability in WindowStation.
aa3efde61185dc1eb0cb8968c6c591a89fd27959b2d48dd4fabbf0770e09ec6e
Pdfium suffers from a heap-based out-of-bounds read vulnerability in Opj_dwt_decode_1 (libopenjpeg).
d20c039518c40f0e159c48830e1d0f707213086eb513383b2e55a5136f0ce263
Pdfium suffers from an unmapped memory read (SIGSEGV) crash in CPDF_SampledFunc:v_Call.
bcea2e10f4a34c9f72f86396283659a515a7b1802c1e85445c9e56df7078cd48