Core Security Technologies Advisory - Some Android devices are affected by a denial of service attack when scanning for WiFi Direct devices. An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class.
feb52e38d88fae494e9480f07d94fba29e88f585adbd14e6a5b09a5a89af5f6cUbuntu Security Notice 2476-1 - Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. A use-after-free was discovered in the IndexedDB implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
4b012cc93b432974585bdaa69ccd2b26a0cf1276a7848f5b6ef849f73afc23beRed Hat Security Advisory 2015-0086-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
dead1b3b1fba918b83ecc1af4234404aa37f612523329e03a7a2b4e54d56bf20Red Hat Security Advisory 2015-0085-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
9cfcff776e85830e9ada144d025c8cde0c197d9b737030ca9a57adf44c214b74Ubuntu Security Notice 2483-2 - USN-2483-1 fixed vulnerabilities in JasPer. This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package. Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. It was discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
10c2496e295e3c4f59441ffb81af52bd839f8c48d65aba920148cc12b86cfa08Ubuntu Security Notice 2483-1 - Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Jose Duart discovered that JasPer incorrectly decoded certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
3843fe8b0d0c3cad84bc4055c166664fed4a4627570727654aa451164e51f6cbUbuntu Security Notice 2484-1 - Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service.
1f1358b068f4b7ce6d921a42c6f56eda2a026fda08a10966cb11f7d0c8c0c9f0The 2015 BSides SF aims at bringing together researchers in the field of reliability, network security, privacy, cryptography and information security, practitioners, developers, and users to foster cooperation, exchange techniques, tools, experiences and ideas. The conference seeks submissions from independent researchers, academia, government, industry presenting novel research on all practical and theoretical aspects of the aforementioned topics. The primary focus is on practical, high quality, discussion of theoretical and practical impact, including concepts, techniques, applications and practical experiences. It will be held April 19th through the 20th, 2015 at OpenDNS headquarters in San Francisco, CA, USA.
a857e01e774626549adff9b7f438f159b890b2c9fdf1b93e3d3e29a760f44f10Apache Qpid's qpidd up to and including version 0.30 has an issue where an attacker can gain access to qpidd as an anonymous user, even if the ANONYMOUS mechanism is disallowed.
06645715d84f1fc35ec6374bda9612d9d7e7cfe32c43f771345163d665548962Apache Qpid's qpidd up to and including version 0.30 has an issue where certain unexpected protocol sequences cause the broker process to crash due to insufficient checking, but that authentication could be used to restrict the exploitation of this vulnerability.
8993e8ca3a940ec6ab2ae983a86c4b9b0e15985ffbd0a9791e196337735cb1e6Photo Gallery version 1.2.5 suffers from a remote shell upload vulnerability.
cccaa6d7d8925aad8a70eeff4842b9b5c3c554891b45ac03b8d34ce6dcd33cffBarracuda Networks Cloud Series products suffer from a malicious script insertion vulnerability.
b1d15ccdb7a81c7eb9860d092e8b040f08ceb595b2f77fa74bd0e6c2533ad304Comodo Backup version 4.4.0.0 suffers from a NULL pointer dereference vulnerability.
f496f6e77d0b41fcd441a5916787820bb16d44af5ecc6ccf2bc7293bd6d55a7eWordPress RedSteel theme suffers from a file disclosure vulnerability. Note that this finding houses site-specific data.
8a8b4ccb9d8e631c26e3dc2dfe473c46f7651237b41364e8ae30f0f5eb5e1d36JClassifiedsManager suffers from cross site scripting and remote SQL injection vulnerabilities.
a2c31b71a54d83ab8d3a5dac2797c3865f2693cb70aa077df35e26201e49b531
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed