HP Client Security Manager version 8.3.4 suffers from a cross site scripting vulnerability.
01df5385f599231ac5a52b7ca43cb404f1d8358282ebd63f386750fa880eb352iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.
0013a891e79cdf35a19af5d1088a328aefd1de83fed9b86ca94709cd476c7ae2WebKitGTK+ versions prior to 2.10.5 suffer from arbitrary code execution and denial of service vulnerabilities.
d70757561f6963c96b16ee3214ef4f90509c31293a8c0b779b7531052b443330openssl_seal() is prone to use uninitialized memory that can be turned into a code execution. This document describes technical details of the journey to hijack apache2 requests. It is a very well written and thoroughly documented piece of research.
7328b4676384b96b2489eec8e7c79cb066123cadf924ac7ffb3cdc3f203e52c4Ubuntu Security Notice 2890-2 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
3017b113d92983c899f5afeb5d0837516181dd39dc3b825adc1dc5398c097593Ubuntu Security Notice 2890-1 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
7e32a7f6bd16cb21244db5518db99454b3180703f06d5108438bd7cd22d6b567Ubuntu Security Notice 2889-2 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
564b31acd29d4309f6d5ed60bee09df545d4e7fc86af07e6de9e7651c80d6535Ubuntu Security Notice 2889-1 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
2f15c368215fa57346ae83a6f4368ff920466293d1af15e29957cc7653bd3e9aUbuntu Security Notice 2888-1 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
8dcda68c9a619fd87faff8f074fba6ebbf378808c7a0d0aad614c4a46fbe15eeUbuntu Security Notice 2887-2 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
2501071a312e0e7869161e733b88900ff7fdcc87e9630c5cc3ad2a7e788ff1d2Ubuntu Security Notice 2887-1 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
085e1d9c599d653a0ca365ddbce48e44ce97b9ce6d96f3bea947c22ef3e8d0dfUbuntu Security Notice 2886-1 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
24d6d7ae8c64e0028b98928f5ea1fa07cc6257b83053299993d4ac0a54e5d3e1Red Hat Security Advisory 2016-0101-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
63895a835faf073a57a9ba6a57a62ba8a4634bf64fa823b2a6994b09cf68ffd2Red Hat Security Advisory 2016-0099-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
6ebaf7d75c3ae9993db5836bd9a36e387e94f436d98dd756ca7eb580920bbefcRed Hat Security Advisory 2016-0098-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
bec252009b00ff84b6be0894538e01d03f865c5c5c0b9f60b8494ad259de8c85Red Hat Security Advisory 2016-0100-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
136f4ec16f28d13aae6f2aa70faa38065d737b72856de9a91806e921af4a23bfUbuntu Security Notice 2890-3 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
3c1fd9107abb37a2665cc487b029ad27a16d374ef098661f586ea50924991389Ubuntu Security Notice 2886-2 - It was discovered that a use-after-free vulnerability existed in the AF_UNIX implementation in the Linux kernel. A local attacker could use crafted epoll_ctl calls to cause a denial of service (system crash) or expose sensitive information. It was discovered that the KVM implementation in the Linux kernel did not properly restore the values of the Programmable Interrupt Timer (PIT). A user-assisted attacker in a KVM guest could cause a denial of service in the host (system crash). Various other issues were also addressed.
f224ae824b3b14b9ca929cf40a2e3f6f5db08bd558114527506befeea164e26aBotan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
88c82dd280ee6f12cbe4689d8fb9122169b4021bd37ad4cdb405724856c9a0dcDAQMaster version 1.7.3 suffers from a vulnerability that is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .DQP project file with a large array of bytes inserted in the 'Description' element. Successful exploitation could allow execution of arbitrary code on the affected machine.
c28b0340f9bd3624499cd43f43c7dc13fc39694b7bbb0b4a97b840e8e8bd96e5Red Hat Security Advisory 2016-0096-01 - Redis is an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, or sorted sets. An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server or gain code execution outside of the Lua sandbox. All users of redis are advised to upgrade to these updated packages, which correct this issue.
8fbab6c22fdc95b67df5fab8e3146f1a687d3bc5c65dff7c290c2de51a9b3314Red Hat Security Advisory 2016-0095-01 - Redis is an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, or sorted sets. An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server or gain code execution outside of the Lua sandbox. All users of redis are advised to upgrade to these updated packages, which correct this issue.
d86787dabf66c7ae8f5e49cab53f5213cc346b0e7021a00d401bead1d93ef0b6Red Hat Security Advisory 2016-0097-01 - Redis is an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, or sorted sets. An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server or gain code execution outside of the Lua sandbox. All users of redis are advised to upgrade to these updated packages, which correct this issue.
a0f14356f83d21b0785de88238031ace2efd462267bad58cda383238d5ce5631Ubuntu Security Notice 2885-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Various other issues were also addressed.
fa63c6c2c303642da683e3d237b60b826f0c5b6e557ce4a9c9737590624aebfdUbuntu Security Notice 2884-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Various other issues were also addressed.
32aa8c4f4e1ef343e1d431c8598af07ac11c95afc48eced313ed0c3468731f82
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed