Ubuntu Security Notice 3120-1 - Aleksandar Nikolic discovered that Memcached incorrectly handled certain malformed commands. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code.
c72d8526a3a63a8705d154bfa0fc4e191132c3fa4b076a2b2890e35073672ee8
SweetRice version 1.5.1 suffers from a local file inclusion vulnerability.
88b2e9b807e6b3fb469cdf98b022ad6ccc0d8005acdd320eecc5391780b6e667
Red Hat Security Advisory 2016-2141-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
fcf034db5afe4b2532e037b2bbe28962811acb85b36e3ccd0f783f550b9a0335
Red Hat Security Advisory 2016-2142-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
ea4b6e74a7dd32e33c0486fff0c7930316e221932fd6ec7f09662a1913b54cb1
SweetRice version 1.5.1 suffers from a cross site request forgery vulnerability.
dc3334cb55b93f8cbcc56e283ba7660aa6a9a7eaefcc039650cf93728a4a4009
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
0760907d7e52413e2ad65dcd8a848ea9a0a7a64b449040e0274577f2c2e19f0b
MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability that lets attackers who have gained access to the mysql system user further escalate their privileges to the root user, allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.
ee10c5cd536b7cd793ebaa9a73ff8ae60ef21aeb38f837d26de4bd6c0456a67a
Citrix Receiver / Receiver Desktop Lock version 4.5 suffers from an authentication bypass vulnerability.
b5b665b62d8bd65c8349df73d7cef8a91bd89e880eac933239beacebb88b38bd
Alienvault OSSIM/USM versions 5.3.1 and below suffer from a PHP object injection vulnerability.
15c73504476ef61ce3f78973018cb8b2513108fb8a4f815dca1ef6a0da27f672
Alienvault OSSIM/USM versions 5.3.1 and below suffer from a stored cross site scripting vulnerability.
373697a8bc5814e72590ca5c5ffda41e105c91a84d2e74b0d4e25fb2659889b6
Alienvault OSSIM/USM versions 5.3.1 and below suffer from a remote SQL injection vulnerability.
30fc087a9e2c28203acf4fa8bf0c93d8dbf91426b95c05cb6c56d71080f5ecdc
Alienvault OSSIM/USM versions 5.3.1 and below suffer from a cross site scripting vulnerability.
67edb0c1f8dc320c504c4dc2955487eacc3b39dcbb0d2dd72fa7e4322b63bd3e
Exponent CMS versions 2.3.9 and below suffer from multiple remote SQL injection vulnerabilities. Updates have been released to address these identified issues.
4614da0d1efe21e2944196b5c2147b709215dcc7f68b43e174b80dcd9f9987bb
Setting the listStyleImage property of an Element object causes MSIE 11 to allocate 0x4C bytes for an "image context" structure, which contains a reference to the document object as well as a reference to the same CMarkup object as the document. When the element is removed from the document/document fragment, this image context is freed on the next "draw". However, the code continues to use the freed context almost immediately after it is freed.
7c3474c2032d42f936d3ff0e59c7c8ce6f77233bc469225fdf7ba7bf031ca859
Ubuntu Security Notice 3113-1 - It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. Multiple security vulnerabilities were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, spoof an application's URL bar, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
a37a2990cf3e52c06cf1b228e9f51c63c9a45eeea4c40de893b1180f73ffadec
Red Hat Security Advisory 2016-2137-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP60. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
27b8594bf77ecba0626ec8d2d2489ed4492089d6134c31d9bf7080f3c067a709
Red Hat Security Advisory 2016-2138-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP60. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
6e4918b269153f78278adde7b83154620fa364657008de01c477055665f727d3
Red Hat Security Advisory 2016-2136-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP20. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
dd9434b1f9d154f26decdb8fd9a286b51eec459d030df0251f2942b0086ff1a6
Mini Notice Board version 1.1 suffers from a cross site scripting vulnerability.
6957122e160064e990994cd6762ffd1560fc73ef872a0ee5113dca59d2eee010
Mini Notice Board version 1.1 suffers from a remote SQL injection vulnerability.
a1bf3d7008d9b0fbb3e64a012d2991efbe328a7beb16aad18b1eb41165e47865
Independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically 'mysql').
01f753f3d94e735ce76518cc2e604e919a99e02cf0b9361221ae6463f8e2aed2
Caph version 1.1 suffers from a local buffer overflow vulnerability that can cause a denial of service.
c2d87810cbcbd69013c820d24ff1b8f38ad42ce2cd5e927d7bbdde20223de6d6
PCMan FTP server version 2.0.7 suffers from a UMASK command related buffer overflow vulnerability.
722529aeb4544b71b6b16032a5337a05020d806734bc9cfc571be326ebcc7870
FreeFloat FTP server version 1.0 suffers from a RENAME command related buffer overflow vulnerability.
06d6fe0ce12ca38a4bd0c47b5855cf1baeaafddae21c072ba66d602ec0c3a525
Freefloat FTP server version 1.0 suffers from a DIR command buffer overflow vulnerability.
fc88322bea12ba1929f4fcf9a2fc4501d83cfe860127d5dcd1c43f99fa6a940b