Debian Linux Security Advisory 3491-1 - Multiple security issues have been found in Icedove, Debian's version of integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
da789ff35efec29f4e4ba6d3ad8fcb7147acd2e8c11c35d4d42e58f5405efaecThe Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Apache Xerces-C XML Parser library versions prior to 3.1.3 are affected.
f78b373fd91beab5983d07e6a0808ff4c3c1af8dbb9cbeb69a728c93b7f28a6dOpen Web Analytics version 1.5.7 suffers from a cross site scripting vulnerability.
9826ef468507dad63ad72b499b5f63fa30e841d17b63f398c4f0bb78be5d5099A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.
5bbc72085a6544c6a411a4a568ee423b7d260fdbef9ffbeca2cc4f4cebc20ba9JSN PowerAdmin Joomla! extension version 2.3.0 suffers from cross site request forgery, code execution, and cross site scripting vulnerabilities.
52695b93ab343b3468cd352906fc52305c66d72e1dc525d9bcd653d77d405702WordPress User Submitted Posts plugin version 20151113 suffers from a persistent cross site scripting vulnerability.
ed9820128cacf907158c375e09ab3a252f3645fb8fed827c1e752230a084a0f8Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.
01b433ea9ea8a8bfd60a02085deff0d6671bc1935cc0aafe2a78128162522f37In certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's sendmsg implementation. In the L2TP PPP sendmsg implementation, a large size parameter can lead to an integer overflow and kernel heap corruption during socket buffer allocation. This could be exploited to allow local privilege escalation from an unprivileged user account.
4e8facb5af3635bb5a75286e2815b09aff43b1be7ba523d3b34d41c5a7c53bedA crash can occurs due to a heap-based buffer overflow in the ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
a7fdbcbd73763761e1e07330bb5c8d3c8ae31713eeb2d4a7465c6ef3bbf98840Ubiquiti Networks UniFi version 3.2.10 suffers from a cross site request forgery vulnerability.
ce6b8f6b7d6df9b959e6dc54e07373ec0465accd0d4c1c0b4ce70674fb6f11ceManageEngine Firewall Analyzer version 8.5 SP-5.0 suffers from multiple cross site scripting vulnerabilities.
358c9090c7ae34b10cce327c19668cc4988fd2e24d1d402f559975a3cfdbbf06GTA Firewall GB-OS version 6.2.02 suffers from a local malicious script insertion vulnerability.
4cd215368c415a6cbaf6fb3acfa8229e1e2cc4e04a4c7a02b548cec34d49bd1cUbuntu Security Notice 2903-2 - USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. Hanno Boeck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA. Various other issues were also addressed.
d3283200efa890107e2802a18cd81e5fbdacb3975b6da21cb9ccb7a1f29a4936Ubuntu Security Notice 2912-1 - Mariusz Ziulek discovered that libssh incorrectly handled certain packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. Aris Adamantiadis discovered that libssh incorrectly generated ephemeral secret keys of 128 bits instead of the recommended 1024 or 2048 bits when using the diffie-hellman-group1 and diffie-hellman-group14 methods. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.
64e90d7f17cf676e3947fb61a36d15d6f07e6deabaa7f62a7ebfb2162dfd9513Debian Linux Security Advisory 3490-1 - Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.
53a4c90ad8a733d951c85c8ee6e8ca7778459df6598921af5feb70eb94121a26Ubuntu Security Notice 2913-3 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the OpenSSL package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
c198e28b8b59a884388a1eb27d838210f90932ae75ee1fec0af1b5491d053ce9eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the message attachment.
85f17b5db889a6f5d1dc69715ae65751c63987fc043b34df2c9e9777cc172f26eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the forum functionality.
6cb381140d19e5e549ed59d0d3373cadd6f8e834f072df94ed2fce950508a98cUbuntu Security Notice 2913-2 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the glib-networking package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
ab7659c100784f51078d656f5d345f4d76baef12693db5a63459b0ecdd936ce0Ubuntu Security Notice 2913-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys.
e999003563be7de56a36e34886410351bc8b531a564823c40bcc8d3ad252c3e4Ubuntu Security Notice 2913-4 - USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20160104 package, including the removal of the SPI CA and CA certificates with 1024-bit RSA keys. Various other issues were also addressed.
c162bdcdced611e7f10d60d6e0fdfecbf8f5e319ae04425626daf30a3d3d9073Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
37713e13555f43d3a710763934080ccf84cfd0f0cb9b3f3824fd084a85878b2cSlackware Security Advisory - New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
73a3deca2a05e8acdc01fcb8f5f2055eb21d39018b48ffb888c23cb70541b822Ubuntu Security Notice 2905-1 - A security issue was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or a sandbox protection mechanism.
1010082f4b4515fb23965355c4cddcf093a1901472ec01c0a096ad3afd55fc5fInstallShield suffers from a DLL hijacking vulnerability.
4c5735bf0c7180106c89369ae626f03213246d7d0d90f51d7b872e835b3c3bf3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed