Red Hat Security Advisory 2016-0013-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A vulnerability was discovered in the way OpenStack Compute networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
fcf160828cd160289cd554d2cc98fcd8df961d610849bde9ed000e779baa6a3dUbuntu Security Notice 2863-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that OpenSSL incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
94a3f50e35125a333662102506d570c802df7207bcc97fe5c838b1618c88fcdfRed Hat Security Advisory 2016-0005-01 - The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote attacker could possibly exploit this flaw to crash the rpcbind service by performing a series of UDP and TCP calls. All rpcbind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the rpcbind service is running, it will be automatically restarted after installing this update.
ba77d1ef8f14f6a9cc7ef813be30ad166ae7d317dfe5cfad13ef388020ea8b53Serendipity version 2.0.2 suffers from a cross site scripting vulnerability.
e95b30729df1fe5b42e1dc59030dd9a7255c75aedc1da023499c18019c06d66bOpenCart version 2.1.0.1 suffers from a cross site scripting vulnerability.
be4592c9395d860112b8f4b1375f72eb230a7b5984f3c00b9ce788a9bce7ccc6RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device. Versions prior to 6.30 are affected.
228e71e3485b2cc97ccb9ddbef86d309e9fbac2497428d5179defa994f72604bThe firmware upgrade process of the FRITZ!Box 7490 is flawed. Specially crafted firmware images can overwrite critical files. Arbitrary code can get executed if an attempt is made to install such a manipulated firmware. Versions prior to 6.30 are affected.
575a5202feb5cb4ff01e56570859e1e60b9ab855f5594241a51b4e330b92b5b4ZoneAlarm installers suffer from a DLL hijacking vulnerability.
3cf21572a66055de83c57f610ece78c8508a64444a975d3151ee4d6e2235852fEmsisoft Anti Malware suffers from a DLL hijacking vulnerability.
73ae11a582480d884f45c68f80e0ef4fd1559ee05d36fa346ac9015d908de52cownCloud versions 8.2.1 and below, 8.1.4 and below, and 8.0.9 and below suffer from an information exposure vulnerability via directory listings.
2a03e49b47f5b92a36e0f7c8b25d095b6e9255abca3e8fe34b1f15409b04a89cUbuntu Security Notice 2862-1 - It was discovered that Pygments incorrectly sanitized strings used to search system fonts. An attacker could possibly use this issue to execute arbitrary code.
558ac4dd2f79d1d7d79c08e19231c5dec5c45989e50d6cd770514b0f9ef9252eHP Security Bulletin HPSBGN03530 1 - A potential security vulnerability has been identified in HPE UCMDB Browser. The vulnerability could be exploited to allow remote disclosure of sensitive information and result in local unauthorized access. Note: This vulnerability only impacts customers using UCMDB browser. Revision 1 of this advisory.
62f31573feba619bf90d01d7cb439201723d4c68afd316e9bbd47bf7bcd5fdb1Red Hat Security Advisory 2016-0004-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way delivering of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.
7b6c1de75da65d611115bc77583ed4b8a46c10ea69c41a966860776907c7ffa6The WordPress Stanford theme suffers from a cross site scripting vulnerability.
b6ebd8b3e2371a264e06442e5602b62001924bd0dca16efb2961e677a1d53774Ubuntu Security Notice 2861-1 - It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Qixue Xiao and Chen Yu discovered that libpng incorrectly handled certain malformed images. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.
250edfc00fe008bf19be3780c5c89d17689a5a31fbb5f607cd428f829750e1fa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed