Säkerhet

Ubuntu Security Notice USN-2956-1

Packet storm - lör, 2016-04-30 05:39
Ubuntu Security Notice 2956-1 - Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly sanitize its input and contained a logic error when determining the mountpoint of bind mounts when using snaps on Ubuntu classic systems (eg, traditional desktop and server). If a user were tricked into installing a malicious snap with a crafted snap name, an attacker could perform a delayed attack to steal data or execute code within the security context of another snap. This issue did not affect Ubuntu Core systems.
Kategorier: Säkerhet

Debian Security Advisory 3561-1

Packet storm - fre, 2016-04-29 16:27
Debian Linux Security Advisory 3561-1 - Several vulnerabilities were discovered in Subversion, a version control system.
Kategorier: Säkerhet

GLPI 0.90.2 SQL Injection

Packet storm - fre, 2016-04-29 16:26
GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.
Kategorier: Säkerhet

Mozilla Firefox / Thunderbird DLL Hijacking

Packet storm - fre, 2016-04-29 16:21
Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer.
Kategorier: Säkerhet

Fedora 22 ansible1.9-1.9.6-1.fc22

Linux Security - fre, 2016-04-29 10:19
Kategorier: Säkerhet

Fedora 22 gsi-openssh-6.9p1-8.fc22

Linux Security - fre, 2016-04-29 10:19
Kategorier: Säkerhet

Fedora 22 webkitgtk4-2.12.1-1.fc22

Linux Security - fre, 2016-04-29 10:19
Kategorier: Säkerhet

Ubuntu: 2954-1: MySQL vulnerabilities

Linux Security - fre, 2016-04-29 10:19
Kategorier: Säkerhet

Fedora 23 parallel-20160222-1.fc23

Linux Security - fre, 2016-04-29 10:19
Kategorier: Säkerhet

WordPress Truemag Theme Cross Site Scripting

Packet storm - fre, 2016-04-29 04:22
WordPress Truemag theme from 2016 Q2 suffers from a cross site scripting vulnerability.
Kategorier: Säkerhet

Windows Primitive Keylogger Null Free Shellcode

Packet storm - fre, 2016-04-29 03:01
431 bytes small NULL free shellcode for windows that is a primitive keylogger that writes to a file.
Kategorier: Säkerhet

HP Security Bulletin HPSBUX03583 SSRT110084 1

Packet storm - fre, 2016-04-29 01:23
HP Security Bulletin HPSBUX03583 SSRT110084 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
Kategorier: Säkerhet

PHP 7.x Heap Overflow

Packet storm - tors, 2016-04-28 17:49
An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.
Kategorier: Säkerhet

Red Hat Security Advisory 2016-0699-01

Packet storm - tors, 2016-04-28 17:46
Red Hat Security Advisory 2016-0699-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 3.x offering will be retired as of October 31, 2016, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 3.x after October 31, 2016.
Kategorier: Säkerhet

Debian Security Advisory 3560-1

Packet storm - tors, 2016-04-28 17:45
Debian Linux Security Advisory 3560-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
Kategorier: Säkerhet

Apache Cordova iOS 3.9.1 Access Bypass

Packet storm - tors, 2016-04-28 17:43
Apache Cordova iOS versions 3.9.1 and below suffer from an access bypass vulnerability.
Kategorier: Säkerhet

Apache Cordova iOS 3.9.1 Arbitrary Plugin Execution

Packet storm - tors, 2016-04-28 17:40
Apache Cordova iOS versions 3.9.1 and below allow for arbitrary plugin execution.
Kategorier: Säkerhet

Packet Fence 6.0.0

Packet storm - tors, 2016-04-28 15:02
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Kategorier: Säkerhet