Mandriva Linux Security Advisory 2014-168 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. The x11vnc package is now built against the system libvncserver library to avoid security issues in the bundled copy. The icecream package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
250c81914e24825853b855493501760094ef441b094b49344065f2078e67daa7
Mandriva Linux Security Advisory 2014-167 - A flaw was found in the way file uses the cdf_read_property_info function when checking stream offsets for certain Composite Document Format files. Insufficient input validation of the minimal and maximal values of p and q leads to a pointer overflow. This issue only affects 32-bit systems.
f8d7e43872aa510920846f8b14c0035f5df720810cc8b007b765fc3a7cbe43fa
Mandriva Linux Security Advisory 2014-166 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
12079b09a2f77f4dd2d0d59a4ecbb786e81a328e62175d579ca8fa9038067cf5
Mandriva Linux Security Advisory 2014-165 - MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session. MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL pointer dereference, while processing invalid SPNEGO tokens. In MIT Kerberos 5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write.
1e9f84d92cfa944b8c243cde11eefeb215c7381ed94e3f32f26202deebb50962
Mandriva Linux Security Advisory 2014-163 - The Python Imaging Library is vulnerable to a denial of service attack in the IcnsImagePlugin.
afb710df14fbec67d1be0b96fe1ae2ec0268ada2547f05c4920452d191433231
Mandriva Linux Security Advisory 2014-164 - In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in the browse table, ENUM editor, monitor, query charts and table relations pages. In phpMyAdmin before 4.1.14.3, a crafted view name can trigger an XSS when dropping the view in the view operation page.
9bdc629351863588a9db6815ce09ad1539beadcff17de2e871f58b3c7758f7ec
Mandriva Linux Security Advisory 2014-162 - Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.
b0c314e22c41ff39beee0ffc571c39b44eeff2914e97fe3ab3a560cfb144c1f7
Mandriva Linux Security Advisory 2014-161 - Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server.
132b3487657859c7a1528569ea114ef3171a3930187f1688038ba92c8cf36fe0
Mandriva Linux Security Advisory 2014-160 - A heap-based buffer overflow in gpgme before 1.5.1 could allow a specially crafted certificate to cause crashes or potentially cause arbitrary code execution.
3a2632bb92e57a77a1c220ac77855a0de178391c091931127952d4759be91148
Debian Linux Security Advisory 3015-1 - A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.
08d936ff79542fbe391fe2ed9161089263714f74f69a38383de657f660aeebf2
Debian Linux Security Advisory 3016-1 - A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.
b7cb2a0b0cf0c1c23b6934bdb7db254c50a5071d9ac48f83383b5b00a704724c
Apple iOS version 7.1.2 suffered from a merge apps service local bypass vulnerability.
bde56b5339d282ecce81034f7886104e9c86ea3b318f49048406a4c281fd013a
jQuery version 1.4.2 suffers from a create object option in runtime client-side cross-site scripting vulnerability.
17ead7ca89da6c91771cbedd876a663573f5710a9c57d5cbdc92e3677c5d84fe
Gentoo Linux Security Advisory 201408-18 - Multiple vulnerabilities have been found in NRPE, the worst of which can allow execution of arbitrary code. Versions less than 2.15 are affected.
8feca3ff4326a9ccd5256ab771b701482e417dac6ed79c6214bd0541bdfa1b2e
Gentoo Linux Security Advisory 201409-2 - Multiple vulnerabilities have been found in Net-SNMP which could allow remote attackers to cause a Denial of Service. Versions less than 5.7.3_pre3 are affected.
08005ad35e18864fc49dc7b6919608e14ad35acf3207c18c8ffbaed33c442753
Gentoo Linux Security Advisory 201408-17 - Multiple vulnerabilities have been found in QEMU, the worst of which allows local attackers to execute arbitrary code. Versions less than 2.0.0-r1 are affected.
9d6ef3512527b948060fb59c7854bf14c239e1401b4d23ee32f8ef1c70a86be4
Gentoo Linux Security Advisory 201409-1 - Multiple vulnerabilities have been found in Wireshark which could allow remote attackers to cause a Denial of Service. Versions less than 1.10.9 are affected.
5807eebc0a5e06aa104ea296cd91654bd6977fcb7878d0a434584e3bd3da8d17
Debian Linux Security Advisory 2987-2 - The previous security update for OpenJDK 7, DSA-2987-1, introduced a regression due to an overly strict bytecode verifier. As a result, legitimate bytecode which is produced by some non-Java languages would no longer run.
c71d680eb23fcd049e23197483d5df7a15cf39f7cb9e47aff2165daccfd850f2
Gentoo Linux Security Advisory 201408-16 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Versions less than 37.0.2062.94 are affected.
f982e5d93f95183c0a72615e79486d596bdaa8fc191f532f95a4c5751a9c6d6d
Gentoo Linux Security Advisory 201408-19 - Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code.
25cba7cb86e5c00a8edba21108a03562ceee1d3bf37cd0e99baa6eabd8e19dc3
Gentoo Linux Security Advisory 201408-15 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which may allow remote Denial of Service. Versions prior to 9.3.3 are affected.
bafcfd9d037a64e13d657004fbba9cbe2af1f8cbbe7b4185af4a965e78b19db5