MyTy versions 5.0.4 through 5.1.6 suffer from a remote blind SQL injection vulnerability.
df077096933740cbc5dda72b5207f5cb81f1182b1fba66ba91e1268b7238d580
WordPress Breezing Forms plugin version 1.2.7.42 suffers from a cross site scripting vulnerability.
41763619e792391172d71411d172e2e161c1572a77a982484ca87352f8c27522
WordPress Yoast SEO plugin versions prior to 5.8.0 suffer from a cross site scripting vulnerability.
2ce84b33f1dfc3f237bbabbd7b58e9c615a29cdae1fb79c8b4400bdef60d4dc2
Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information.
edb82348b5a039b33b9384fa15982bf40763c4759bd961c0919c901dad68ef13
Ubuntu Security Notice 3489-2 - USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information. Various other issues were also addressed.
cf9464bf3efc784c1fec1c648463a44848eb3b857e1ea8ff5529884f9e98beb9
Ubuntu Security Notice 3489-1 - It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information.
c058b86e4fa38c149597b03c35bf49b0812a8cb982d4031022685421b541718d
Ubuntu Security Notice 3485-3 - It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
7da5419563f06df09537b920b44d8c50ddccc6b040d38e604644a47cae423f6b
Ubuntu Security Notice 3488-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.
c1e35746dc389da33be23fd550b5d2ea09da8fe25a1c9386e6e169074670c3b4
Ubuntu Security Notice 3487-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5d3daa3acae196e215ffb752dacad9fbeacb9381db28059612dbc4bf68e35c68
Debian Linux Security Advisory 4045-1 - Several vulnerabilities have been found in VLC, the VideoLAN project's media player. Processing malformed media files could lead to denial of service and potentially the execution of arbitrary code.
26d19241f11b5068b8bae2d8844addaf42b84f20f7570c9617fb8cf074430223
Debian Linux Security Advisory 4044-1 - A vulnerability has been discovered in swauth, an authentication system for Swift, a distributed virtual object store used in Openstack.
bcb4d94a51fa447308953d3da1424571e6afb8a4b0b4b3bff7a8fe9b213ba72e
Ubuntu Security Notice 3484-3 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.
810ee0b10f8a7c0a7b23d2c5be0e7c77a26446b1bdce742149f776bda2214a0b
HPE Security Bulletin HPESBHF03798 1 - A vulnerability in HPE certain Gen10 Servers, DL20 Gen9, ML30 Gen9 and certain Apollo servers with Intel Server Platform Service (SPS) v4.0 are vulnerable to local Denial of Service and execution of arbitrary code. **Note:** Intel has identified security vulnerabilities which could potentially place impacted platforms at risk. An issue impacts Intel Server Platform Service (SPS) v4.0 used in certain HPE servers. The SPS/ME firmware used in Intels architecture can be compromised with physical access such that non-authenticated code may be executed in the SPS environment outside of the visibility of the user and operating system administrator. Intel has released new revisions of the Intel Server Platform Service (SPS) firmware to address this vulnerability. Revision 1 of this advisory.
9adf13f4521f8cbcfe8d21fbee0081a44a17eddb70e3e2f4994aa384e9adba78
Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the vstif6.dll, which can be exploited to cause an out-of-bounds write memory access. The vulnerability is confirmed in version 8.5.3.
0bb128f0ffb554a5ec684f320f0107962750c13a805e277aeb88e4558151e774
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
38f7cf697ca5101a3413425d16fa5fe912cf9e1f061103f0b7138fd96d40b92e
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
24253d9cafafa96ad86f65701c10afb41ec515d3e8136d465b38dc04fdfb2363
There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback.
29ecb93fa8a796617a90f59536bcfb9ac394c28a5e7d91ca72284eb636894416
It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.
26b521138b8cf592b692e063a57e00a17c82cb345e491baf906a7173cc27e0ce
It is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.
10740234534d576953b78d366019b0eaed2b7e2f77b447ea307edd5c886a5515
The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata.
9bb7494ef313febec2f8ee393749b8c35f9776237506d2a47110240296b5f9a0
EMC ScaleIO versions 2.0.1.3, 2.0.1.2, 2.0.1.1, and 2.0.1 suffer from information disclosure, denial of service, and buffer overflow vulnerabilities.
be050ea74ac79527efbffae6b80e7c3d92d2412e2430c1bda95de7bb39910b78
RSA Authentication Manager versions 8.2 SP1 P5 and below suffer from a stored cross site scripting vulnerability.
58d2e95c51a90da59323f5fa851a0ada801c5abcbbd070c9a5b6cf35aceee55d
WordPress Emag Marketplace Connector plugin version 1.0 suffers from a cross site scripting vulnerability.
5c2ed09784b0611ab8f180cde78430c53f7a6a7b35ad7af2805e86fb40925f3b
WordPress Advanced Post Type Ratings plugin version 1.1 suffers from a cross site scripting vulnerability.
f007dd5ad24b38f1874e624e486c48bf1b5ab7db53fc6fb5ea34e51cbfc86e0f
Ubuntu Security Notice 3486-2 - USN-3486-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.
f8ab6fcd5389ee55153023608bb2f0fda540959c098b863139a4d29f84f470f3