Red Hat Security Advisory 2011-1801-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID USB smart card reader in passthrough mode. An attacker able to connect to the port on the host being used for such a device could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.
f08148ae167c0768b601225b0105f767e9cb21cde5993cc3bc42b1cd64876d00Red Hat Security Advisory 2011-1800-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 4 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.
f41e0e59862059ec69d282b7aabd6a45c7f8e0c893c2c998ac588c29510865d2Red Hat Security Advisory 2011-1799-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 5 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.
75815dbfc47896a7ab8f8d971a9c619785c6b757663a1cb4e4651a5180788493Red Hat Security Advisory 2011-1798-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 6 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.
a2a81f8c718a7723612e5ed9c9366747cb68843e8a1c571e228cd26c12fbd2dbRed Hat Security Advisory 2011-1797-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor. It was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request.
4dd2ff62109698b9d1de32696e2c6a19a08749ab01aacf35058867ffd8177aabIt seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.
fcf6a2f8bd756f73ae0cea59488d296084adcdadeda5ca6d9e401595b8736f42Joomla QContacts component version 1.0.6 suffers from a remote SQL injection vulnerability.
2569f0bcc18ee13254ee6c1564181305188fbcd5aa06ff1df1df3d84c31e385bSantriaCMS suffers from a remote SQL injection vulnerability.
cda4a7c570884ac6ded284217d84ecc0ba065bf1daddd3f7af5e82709dfb2efcHP Application Lifestyle Management (ALM) Platform version 11 suffers from a local root privilege escalation vulnerability.
ef932a54ded081a7757e2161d0584d1237286a7a50c4b0fad05bed5e152badceUbuntu Security Notice 1294-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
acab8d51e69e89ac69916bfde79578d48d20a5c740ed8334923ba6a32afe7023Ubuntu Security Notice 1293-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
7fc196aedda92fd82f8306f34f53fdcc76d7e2380188eab9863908f25206edd3Ubuntu Security Notice 1292-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Various other issues were also addressed.
e56bd530ab01e0d28606cc55207499939d90e747e47252a8abe8e9591ba531f5Ubuntu Security Notice 1291-1 - A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. Various other issues were also addressed.
2898c81e08aa59f58b87d94dae03200e92b3371465b43e371d4113f24da945fdThe 3.2 evaluation image of Restorepoint is vulnerable to a remote command execution vulnerability in the remote_support.cgi script prior to license activation.
2ba071b3366e0b276ade67905a48b2cefde4a0fc3b57bab0aa5fac1af8e646c1This is Fyodor's latest update on the CNET Download.com fiasco where they are packaging third party software with their own additions.
d94fdfbf33d2407700b9b12567eb0441217bb70e233ba79e1554d89b8efda071Secunia Security Advisory - Debian has issued an update for mojarra. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
c7cca8538dcd5d23ce13434658ea06f3f3db1bcdaed31c4bbc7ff6f133a47c0eSecunia Security Advisory - A vulnerability has been reported in FreeIPA, which can be exploited by malicious people to conduct cross-site request forgery attacks.
1a52afda06882f7909e55122ed96742fbb04fa869ccc4f388edf608d3eef1b42Secunia Security Advisory - Red Hat has issued an update for php-pear. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
831891d2a7c57d61357c62174dd10408dbb0c23a234ac4e502de119dcd09a01dSecunia Security Advisory - Red Hat has issued an update for nfs-utils. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
28e8115b986ff555bf446aad6afb3c7667da42ccb4ff454f4f6be571203df6a7Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
7f574ddbdd2afa912efd2f0387a4082e936361da864f4b7b87fc7cdbbfe54898Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service).
f8fca53de8e30f4679734338d668e761a7ff3ce3d34816a6366fa2d6923b54f9Secunia Security Advisory - A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
4ae98d22b4622a250bdd67b724b669ad298fd6e2aad02e8fc1c669ed4581cd9bSecunia Security Advisory - Debian has issued an update for chasen. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
dee48d0f6beac96d134f34d0b4453c129171ae8dfa7fefc42ee71a35b72f0da1Debian Linux Security Advisory 2361-1 - It was discovered that ChaSen, a Japanese morphological analysis system, contains a buffer overflow, potentially leading to arbitrary code execution in programs using the library.
7bd88d3bec591faa2224cb4e58f7d47583f558d811f90af3b4afa1750e1694c0Zero Day Initiative Advisory 11-345 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trent Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user
2f0b0bef4c75980c94c4ba1550763495aa8d02b888a699d46ae959adb180fc1b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed