FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.
97daf08486cc4c8cc8703eb625aea225e01f9a851cedc0e7f504b4776cf765dcDebian Linux Security Advisory 3379-1 - Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execute arbitrary code with the privileges of the user running the application.
b0c1e115225f56b3ee6713291f81e268dbebd0fe866fb7b322cc0e08081268c8articleFR version 3.0.l7 suffers from an arbitrary file read vulnerability.
f5c21447e511ce77030ac064707ce1de30ed4c18d8ee7ddeeede4dc751d03f3cSecunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing data related to phase one 0x412 tag and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.
5ae53f5fbef1f5539ef71eddc2a163711178502a8a9d788c3571296844ce496dcryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
37b509624748d2c8984e02dfdefc9f00882d52f946c8300c95fdfe1b90a2ce26Secunia Research has discovered two vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the SDK. An error in the vstga.dll when processing TGA files can be exploited to cause an out-of-bounds write memory access. An error in the libxwd2.dll when processing XWD files can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2 are affected.
4ed653941f8a16749d3b9b610f5f0203e8ff2d471eb0c5b330fb01af85a0c3bdMicrosoft Windows 10 suffers from a pcap 10 local privilege escalation vulnerability.
2a6f71e6ea24ffa95d665c29a163c5427a3aee51bf40142dd284a6ecbe29183fThe Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
d269a6ef683c236184561ea64a15b276bdde64139cf010d6c4e1bfdccabb09ccMacOS X 10.11 suffers from a hardlink bomb issue that causes resource exhaustion.
4058ea8977e433e0872ba59dabcc96a98e1a41577ee9392d7c6db485784a1396Debian Linux Security Advisory 3377-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.46.
93b4e88e2e5ba255c60ff8227ed4819a2b6589e68c8c35afc46963f046e75276C4CON 2015 has announced its call for papers. It will take place in Chile.
346fa3484e36a672e30417e6568c47cea1ce7a8e0bf413e95a1cfcc65cdf2112The MacOS X 10.11 FTS library suffers from a buffer overflow vulnerability.
6e8afd8414e594a1c22b90fded2505f57393097d961dbd2f8a8dcd3ab5996ea9Clipbucket version 2.8 suffers from a remote blind SQL injection vulnerability.
0879e22ea741f95b1974da688f9ec493df631683872484513b7c5a4f3f884f8cVirgin Mobile suffered from a cross site scripting vulnerability.
c5ae7da77839cb9f55f99e5d57ca2c178ea7e41013c27624b2797528dc9698bfWinamp Bento Browser remote code execution exploit.
10340d4929422ca8dcaf401b8098025130e2999b595b8d166b2e549c77c4ef71
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed