Secunia Security Advisory - Multiple vulnerabilities have been reported in EMC AutoStart, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Debian has issued an update for request-tracker3.8. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, conduct SQL injection attacks, and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, and compromise a vulnerable system.
Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) of the application using the library.
Secunia Security Advisory - A vulnerability has been reported in RSSOwl, which can be exploited by malicious people to conduct script insertion attacks.
Secunia Security Advisory - Walied Assar has discovered two vulnerabilities in ResEdit, which can be exploited by malicious people to potentially compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in Logitec LAN-W300N/R, LAN-W300N/RS, and LAN-W300N/RU2, which can be exploited by malicious people to bypass certain security restrictions.
Ubuntu Security Notice 1454-1 - A flaw was found in the Linux kernel's ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.
Ubuntu Security Notice 1453-1 - A flaw was found in the Linux kernel's ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual CPU setup. An unprivileged local user could exploit this flaw to crash the system, leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
Ubuntu Security Notice 1452-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual CPU setup. An unprivileged local user could exploit this flaw to crash the system, leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
Secunia Security Advisory - Astaro has issued an update for IPsec. This fixes a vulnerability with an unknown impact.
Secunia Security Advisory - A weakness has been reported in PyCrypto, which can be exploited by malicious people to conduct brute force attacks.
Secunia Security Advisory - A vulnerability has been reported in dotCMS, which can be exploited by malicious users to compromise a vulnerable system.
Secunia Security Advisory - Tiago Natel de Moura has discovered multiple vulnerabilities in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - A vulnerability has been reported in Apache Commons Compress, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
Secunia Security Advisory - Apache has acknowledged a vulnerability in Ant, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - SUSE has issued an update for cobbler. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks.
Debian Linux Security Advisory 2480-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
Apache Commons Compress versions 1.0 through 1.4 and Apache Ant versions 1.5 through 1.8.3 suffer from a denial of service vulnerability. The bzip2 compressing streams in Apache Commons Compress and Apache Ant internally use sorting algorithms with unacceptable worst-case performance on very repetitive inputs. A specially crafted input to Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used to make the process spend a very long time while using up all available processing time, effectively leading to a denial of service.
EMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service or, possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.
Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in Mozilla Firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
Mandriva Linux Security Advisory 2012-080 - It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
Red Hat Security Advisory 2012-0688-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.19.