Adobe Flash suffers from an out-of-bounds crash due to a negative table indexing error loading an 8-byte wide value.
b3ad0dc02ed41ab14eba6c462db84fb45a39c098eb29704bf6b8223a07f586b3Adobe Flash has an issue where a corrupt stack leads to misaligned XMM instruction decoding h.264.
086db050537a7703e18f330b90eadb38bd185e96a3d67e197511bc2195eeb98fAdobe Flash suffers from a crash due to a wild pointer 0x1808121a502959a4 decoding h.264.
74a5f32e448690af1d7c9d399017241a40f3bdb279dde7a3861f9ea7c03354ceThere is an apparent use-after-free in Adobe Flash video decoding, which can be manifesting by running a specific SWF file.
723433120939057b04d68a11edd9e1ad87990051b590609ba3cc7d93f7fbcb70Red Hat Security Advisory 2016-0466-01 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.
93381a3609cbd40ea19fd90f3d6532393c3c33d49bf30bab516193963789fd55Red Hat Security Advisory 2016-0465-01 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested.
ec747fbcdba74a44a4ea458f9664256110da65f71f30774569e157e19509d8deUbuntu Security Notice 2938-1 - Lael Cellier discovered that Git incorrectly handled path strings in crafted Git repositories. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking Git.
d4a0d948833adb3e11088215135e259147bc0b69370d9650067ca30edb3e8b2cHP Security Bulletin HPSBMU03562 1 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Service Manager. The vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.
a1c6b05d91e43e9dc01451c2fb600f54a3523e810077b08aec7f60a544b9b1d8Ubuntu Security Notice 2937-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
9e8b68079ff3270e979de901c8faf5bdecbde047aa6e873a355a2b80f1b1099eHP Security Bulletin HPSBGN03560 1 - A vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP Operations Orchestration. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
dabf88562c3d568574f16c9869668dd905462c090a231336b8ec7d56f2e5c20aHP Security Bulletin HPSBGN03551 1 - HPE Helion Development Platform has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.
6a5c6e511c9ded81cb50fa7de880a49ca9815f8fa2566a142a513c72014743b9Achievo version 1.4.5 suffers from a cross site scripting vulnerability.
2bb51e2f4e2f8702ae0035b8966a60f8a3ecf72ef374d448dab6e86e0d05ee6d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed