Local root exploit for Fedora 18 x86_64 using nl_table to leverage the sock_diag_handlers[] vulnerability.
1ab629c5ad74a701d6a87ea1e2c30d5f307d18d3171c1f44adb7736878b5c4ba
Mandriva Linux Security Advisory 2013-024 - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by this security flaw.
e61b7c3cf6e2442b66fc8fa3431802d4c6cc8341aead4e8f91ed11c2d82ae1f3
Mandriva Linux Security Advisory 2013-023 - Long line inputs could trigger a segfault in the sort, uniq and join utilities. The updated packages have been patched to correct these issues.
6f6b35d2bbd2840b2a3e41f95241250d6c792d13e18b3380d9ab2879d0fc34bd
Mandriva Linux Security Advisory 2013-022 - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service by periodically making many new TCP connections. The updated packages have been patched to correct these issues.
bee473f9707063a23fbf49f1f2986f75bfe44988e5231b688428c1c9f062130b
Drupal Node Parameter Control third party module version 6.x suffers from an access bypass vulnerability.
a6fd0bf0a802d4d8be9ff88a955fa9cf9891236d1a13246be5bce6509c8a5f82
Red Hat Security Advisory 2013-0636-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.
b9a7ef0ff18dd828c5d57c86d14d909fe246d0a7a1f774fcff12bfc8e24254c1
Red Hat Security Advisory 2013-0643-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.275.
81799c278148d560668a700315f0181cd4e6219f77615fb315bc0f17a14a6892
Proof of concept code that demonstrates a stack-based buffer overflow in the Linux kernel SCTP_GET_ASSOC_STATS() function.
588169341383534eb48214aef23de1ecd3b8f43f820fc7090163879acbcb9dc3
Technical Cyber Security Alert 2013-71A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
57a1a50ee9fe3afe65a25ff9a43f11074350efbbfde73afe59aa1e4ec0f27ceb
Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization.
c96fc864359b4f3b2f30998551d780075c8307fbf1c24791422f696b650146ef
Ruby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization.
f3b4827a94b047303ccc02b88c3f74c2860bb4df87e899281dfb759760495123
Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization.
1fab775f0aafbbbde6c3e31e5072977d382d54542fa209d3fc109a74349d293a
Ubuntu Security Notice 1758-2 - USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
f4c52da91a0567cbf0ae3291c95b9297f94bf425fa956d9fa86f756330cb5173
Debian Linux Security Advisory 2643-1 - Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system.
626b2c43b3fc60e5818364c42a1dce9ed4a162377a90fdd4f2f3cc47cac16b60
Ubuntu Security Notice 1760-1 - A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. Various other issues were also addressed.
c3317eecf58e61478a36793dcf24f32a044bee7a9120041fb1d605b234c9c673
Ubuntu Security Notice 1759-1 - It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could use this issue to possibly execute arbitrary code on the master. Various other issues were also addressed.
cccb65197566007976c698911967efc5871071adafb220b210b3946a8aba7461